CVE-2019-25239 HIGH

CVE-2019-25239: V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download

Vendor Guangzhou V-Solution Electronic Technology
Product GPON/EPON OLT Platform
Weakness CWE-552 · Files accessible externally
Published December 24, 2025
Last update December 24, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated