CVE-2019-17662

CRITICAL NUCLEI

ThinVNC 1.0b1 - Path Traversal and Arbitrary File Read via ThinVnc.ini


Exploitation Summary

EIP tracks 9 public exploits for CVE-2019-17662. PoCs have been published by Nikhith Tumamlapalli, MuirlandOracle, bl4ck574r and others, and include the Metasploit module auxiliary/scanner/http/thinvnc_traversal. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit bypasses authentication in ThinVNC 1.0b1 by reading arbitrary files via a path traversal vulnerability. It specifically targets the ThinVnc.ini file to extract sensitive configuration data.

Description

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.

Exploits (9)

exploitdb WORKING POC VERIFIED
by Nikhith Tumamlapalli · python · remote · windows
https://www.exploit-db.com/exploits/47519

This exploit bypasses authentication in ThinVNC 1.0b1 by reading arbitrary files via a path traversal vulnerability. It specifically targets the ThinVnc.ini file to extract sensitive configuration data.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ThinVNC 1.0b1
No auth needed
Prerequisites: Network access to the ThinVNC server · ThinVNC service running on default or specified port
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 18 stars
by MuirlandOracle · poc
https://github.com/MuirlandOracle/CVE-2019-17662

This repository contains a functional Python exploit for CVE-2019-17662, an arbitrary file read vulnerability in ThinVNC. The exploit leverages path traversal to read sensitive files, including credentials from ThinVnc.ini, and includes improvements over the original PoC to bypass path normalization issues.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ThinVNC
No auth needed
Prerequisites: Network access to the ThinVNC server · ThinVNC service running on the target
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 2 stars
by bl4ck574r · poc
https://github.com/bl4ck574r/CVE-2019-17662

This repository contains a functional Python exploit for CVE-2019-17662, which leverages a directory traversal vulnerability in ThinVNC to bypass authentication and fetch the ThinVnc.ini configuration file. The exploit uses prepared requests to bypass URL normalization in Python 3's requests module.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ThinVNC (version not specified)
No auth needed
Prerequisites: Network access to the ThinVNC server · ThinVNC service running on the target
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 2 stars
by whokilleddb · poc
https://github.com/whokilleddb/CVE-2019-17662

This repository contains a functional exploit for CVE-2019-17662, which targets ThinVNC 1.0b1. The exploit performs a directory traversal attack to read arbitrary files, specifically targeting the ThinVnc.ini file to extract credentials stored in cleartext.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ThinVNC 1.0b1
No auth needed
Prerequisites: Network access to the ThinVNC server · ThinVNC server running on port 8080 or similar
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 1 star
by thomas-osgood · poc
https://github.com/thomas-osgood/CVE-2019-17662

This Go-based exploit targets CVE-2019-17662, a directory traversal vulnerability in ThinVNC. It retrieves sensitive files (e.g., ThinVnc.ini) by manipulating paths, extracting credentials via regex parsing. The code includes robust error handling and connection testing.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: ThinVNC (Atlas)
No auth needed
Prerequisites: Network access to vulnerable ThinVNC server
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 1 star
by kxisxr · poc
https://github.com/kxisxr/Bash-Script-CVE-2019-17662

This script exploits CVE-2019-17662, a path traversal vulnerability in ThinVNC, to leak credentials stored in the ThinVnc.ini file. It sends a crafted HTTP request to retrieve sensitive information without authentication.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ThinVNC (version not specified)
No auth needed
Prerequisites: Network access to the ThinVNC server · ThinVNC service running on the target
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 1 star
by rajendrakumaryadav · poc
https://github.com/rajendrakumaryadav/CVE-2019-17662-Exploit

This repository contains a functional exploit for CVE-2019-17662, which leverages a directory traversal vulnerability in ThinVNC 1.0b1 to read arbitrary files, including the configuration file containing plaintext credentials. The exploit constructs a malicious URL with path traversal sequences to fetch the ThinVnc.ini file and extracts credentials from it.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ThinVNC 1.0b1
No auth needed
Prerequisites: Network access to the ThinVNC server · ThinVNC server running on a known URL and port
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by Tamagaft · poc
https://github.com/Tamagaft/CVE-2019-17662

The repository claims to be a Golang implementation of CVE-2019-17662 (TinyVNC Arbitrary File Read leading to Authentication Bypass) but contains only a skeleton with no functional exploit logic. The `exploit` function merely resolves a DNS lookup and prints an IP, with no actual exploitation code.

Classification: Stub 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: TinyVNC
No auth needed
Prerequisites: Network access to TinyVNC server
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC
by jinxbox, WarMarX, bcoles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/thinvnc_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in ThinVNC versions 1.0b1 and prior, allowing unauthenticated users to retrieve arbitrary files, including the ThinVNC configuration file. It sends a crafted HTTP request with traversal sequences to read the specified file.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ThinVNC versions 1.0b1 and prior
No auth needed
Prerequisites: Network access to the ThinVNC server
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

ThinVNC 1.0b1 - Authentication Bypass
CRITICAL · VERIFIED · by DhiyaneshDK
Shodan: http.favicon.hash:-1414548363
FOFA: icon_hash=-1414548363

References (4)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://redteamzone.com/ThinVNC/
Third Party Advisory x_refsource_misc
https://github.com/bewest/thinvnc/issues/5
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html

Scores

CVSS v3: 9.8
EPSS: 0.9410
EPSS Percentile: 99.9%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-22, CWE-522
Status: published
Products (1): cybelsoft/thinvnc 1.0 b1
Published: Oct 16, 2019
Tracked Since: Feb 18, 2026