{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2019-25290","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-06T16:07:08.528Z","datePublished":"2026-01-07T23:10:04.541Z","dateUpdated":"2026-03-23T15:43:26.667Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-23T15:43:26.667Z"},"datePublic":"2019-12-09T00:00:00.000Z","title":"INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage","descriptions":[{"lang":"en","value":"Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Server-Side Request Forgery (SSRF)","cweId":"CWE-918","type":"CWE"}]}],"affected":[{"vendor":"INIM Electronics s.r.l.","product":"Smartliving SmartLAN/G/SI","versions":[{"version":"<=6.0","status":"affected"},{"version":"505","status":"affected"},{"version":"515","status":"affected"},{"version":"1050","status":"affected"},{"version":"1050/G3","status":"affected"},{"version":"10100L","status":"affected"},{"version":"10100L/G3","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php","name":"Zero Science Lab Vulnerability Advisory","tags":["third-party-advisory"]},{"url":"https://www.exploit-db.com/exploits/47764","name":"Exploit Database Entry 47764","tags":["exploit"]},{"url":"https://packetstormsecurity.com/files/155617","name":"Packet Storm Security Exploit File","tags":["exploit"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/172839","name":"IBM X-Force Vulnerability Exchange Entry","tags":["vdb-entry"]},{"url":"https://www.inim.biz/","name":"INIM Vendor Homepage","tags":["product"]}],"credits":[{"lang":"en","value":"Sipke Mellema","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-08T19:24:28.822286Z","id":"CVE-2019-25290","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-08T19:24:33.517Z"}}]}}