CVE-2019-25290 MEDIUM

CVE-2019-25290: INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage

Vendor Inim Electronics S.r.l.
Product Smartliving SmartLAN/G/SI
Weakness CWE-918 · SSRF
Published January 7, 2026
Last update March 23, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.

Key dates

02 Disclosure timeline

January 7, 2026 CVE published
March 23, 2026 Record updated