CVE-2019-25465
Directory Traversal in Hisilicon HiIpcam Exposes ADSL Credentials
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hisilicon | hiipcamm_v100r003 | * |
| hisilicon | hiipcamm | v100r003 |
| thttpd | thttpd | 2.25b |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-260 | The product stores a password in a configuration file that might be accessible to actors who do not know the password. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25465 is a directory traversal vulnerability found in Hisilicon HiIpcam V100R003 devices. It allows unauthenticated attackers to exploit directory listing in the cgi-bin directory to access sensitive configuration files.
Attackers can send requests to the getadslattr.cgi endpoint to retrieve critical network configuration parameters such as ADSL credentials, usernames, passwords, and DNS settings without needing any authentication.
The vulnerability arises due to insufficient input validation and lack of proper access controls on the CGI-bin interface, enabling unauthorized remote attackers to enumerate and read sensitive files.
How can this vulnerability impact me? :
This vulnerability can have serious security impacts as it allows attackers to remotely access sensitive device information without authentication.
- Attackers can obtain ADSL credentials, including usernames and passwords.
- Network configuration parameters such as DNS settings and IP addresses can be exposed.
- Unauthorized access to these details can lead to further compromise of the device or network.
- The vulnerability could be used as a stepping stone for more advanced attacks or unauthorized network access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending HTTP GET requests to the /cgi-bin/ directory of the target device and checking for a directory listing response.'}, {'type': 'paragraph', 'content': 'Specifically, you can request the getadslattr.cgi endpoint or simply check if the response contains the string "<H2>Index of /cgi-bin/</H2>", which indicates that directory listing is enabled and the device is vulnerable.'}, {'type': 'paragraph', 'content': 'An example approach is to use tools like curl or wget to send requests and inspect responses.'}, {'type': 'list_item', 'content': 'curl -i http://<target-ip>/cgi-bin/ | grep "<H2>Index of /cgi-bin/</H2>"'}, {'type': 'list_item', 'content': 'curl http://<target-ip>/cgi-bin/getadslattr.cgi'}, {'type': 'paragraph', 'content': 'If the directory listing is accessible or the getadslattr.cgi returns sensitive configuration data such as ADSL credentials, usernames, passwords, or DNS settings, the device is vulnerable.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know