CVE-2019-25472
Received Received - Intake
Unauthenticated Arbitrary File Read in IntelBras TIP200 IP Phones

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25472
EUVD
EUVD-2019-19748
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
intelbras telefone_ip_tip200 *
intelbras telefone_ip_tip200_lite *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "This vulnerability affects IntelBras Telefone IP TIP200 and 200 LITE devices. It is an unauthenticated arbitrary file read flaw in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send specially crafted GET requests to the device's /cgi-bin/cgiServer.exx endpoint with a command parameter invoking dumpConfigFile() to read sensitive files on the device without any authentication."}, {'type': 'paragraph', 'content': 'The vulnerability allows reading of critical files such as /etc/shadow, which contains hashed passwords, and various configuration files. This means an attacker can remotely access sensitive information stored on the device without needing any credentials or prior authorization.'}] [1]

Impact Analysis

This vulnerability can have serious impacts because it allows an attacker to remotely read sensitive files on the affected device without authentication. Exposure of files like /etc/shadow can reveal hashed passwords for critical users such as root, admin, and guest.

With access to these sensitive files, an attacker could potentially escalate privileges, gain unauthorized control over the device, or use the information to compromise other parts of the network. The confidentiality of sensitive configuration and credential data is compromised, increasing the risk of further attacks.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending HTTP GET requests to the vulnerable device's CGI endpoint to check if arbitrary files can be read without authentication."}, {'type': 'paragraph', 'content': 'A typical detection command involves requesting the /cgi-bin/cgiServer.exx endpoint with the command parameter set to dumpConfigFile() targeting sensitive files such as /etc/shadow.'}, {'type': 'paragraph', 'content': 'For example, you can use curl to test the vulnerability:'}, {'type': 'list_item', 'content': 'curl -k "http://<target-ip>/cgi-bin/cgiServer.exx?command=dumpConfigFile(%22/etc/shadow%22)"'}, {'type': 'paragraph', 'content': 'If the response contains the contents of the requested file (e.g., /etc/shadow), the device is vulnerable.'}, {'type': 'paragraph', 'content': 'Additionally, the exploit described in Resource 1 uses a Perl script that automates this process by sending crafted HTTP requests and analyzing the responses.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25472. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart