CVE-2019-25289 HIGH

CVE-2019-25289: INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution

Vendor Inim Electronics S.r.l.
Product SmartLiving SmartLAN/G/SI
Weakness CWE-78
Published January 7, 2026
Last update March 23, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.

Key dates

02Disclosure timeline

January 7, 2026 CVE published
March 23, 2026 Record updated