CVE-2019-25465 HIGH

CVE-2019-25465: Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal

Vendor Hisilicon
Product HiIpcam
Weakness CWE-260
Published March 11, 2026
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings.

Key dates

02Disclosure timeline

March 11, 2026 CVE published
April 7, 2026 Record updated