CVE-2019-25290
Unknown Unknown - Not Provided
Unauthenticated SSRF in Smartliving SmartLAN GetImage Function

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: VulnCheck

Description
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25290
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
inim_electronics smartliving_smartlan g
inim_electronics smartliving_smartlan 505
inim_electronics smartliving_smartlan 515
inim_electronics smartliving_smartlan 1050
inim_electronics smartliving_smartlan 1050/g3
inim_electronics smartliving_smartlan 10100l
inim_electronics smartliving_smartlan 10100l/g3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25290 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the GetImage functionality of Inim Electronics Smartliving SmartLAN/G/SI systems version 6.x and earlier. The vulnerability arises because the application processes user input from the 'host' GET parameter without proper validation when constructing an image request via the onvif.cgi endpoint. This allows an attacker to specify arbitrary external domains or IP addresses, causing the device to make HTTP requests to unintended destinations. Essentially, an attacker can exploit this flaw to make the device send requests to other internal or external network resources. [1, 2]

Impact Analysis

This vulnerability can be exploited by attackers to bypass firewalls and perform internal network and service enumeration remotely through the affected device. Since the device can be induced to make HTTP requests to arbitrary hosts without authentication, attackers can use it as a pivot point to gather information about internal network resources that are otherwise inaccessible. This can lead to further attacks or reconnaissance activities against the internal network. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to exploit the SSRF via the onvif.cgi endpoint using the 'host' GET parameter. A proof-of-concept involves sending a crafted HTTP request to the onvif.cgi service with an arbitrary external domain in the 'host' parameter to see if the system makes HTTP requests to unintended destinations. For example, using curl to send a POST request with manipulated parameters to onvif.cgi can demonstrate the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the onvif.cgi endpoint to trusted users or networks, implementing input validation or filtering on the 'host' parameter to prevent arbitrary external requests, and monitoring network traffic for unusual outbound HTTP requests initiated by the device. Additionally, disabling remote access features or the vulnerable functionality until a patch or update is available can reduce risk. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25290. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart