CVE-2019-25472 HIGH

CVE-2019-25472: IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile

Vendor Intelbras
Product Telefone IP TIP 200
Weakness CWE-73
Published March 11, 2026
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

Key dates

02Disclosure timeline

March 11, 2026 CVE published
April 7, 2026 Record updated