CVE-2019-25289

HIGH

SmartLiving SmartLAN <=6.x - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25289. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit leverages an authenticated remote command injection vulnerability in Inim Electronics Smartliving SmartLAN 6.x via the 'par' POST parameter in the 'testemail' module. It allows execution of arbitrary commands as root using default credentials.

Description

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/47765

View Code ZIP pw:eip

This exploit leverages an authenticated remote command injection vulnerability in Inim Electronics Smartliving SmartLAN 6.x via the 'par' POST parameter in the 'testemail' module. It allows execution of arbitrary commands as root using default credentials.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Inim Electronics Smartliving SmartLAN 6.x

Auth required

Prerequisites: Network access to the target device · Default credentials (admin:pass)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/47765

Exploit, Third Party Advisory exploit

https://packetstormsecurity.com/files/155616

Third Party Advisory, VDB Entry vdb-entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/172840

Various Sources product

https://www.inim.biz/

Issue Tracking third-party-advisory

https://cxsecurity.com/issue/WLB-2019120046

Scores

CVSS v3 8.8

EPSS 0.0169

EPSS Percentile 74.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (7)

INIM Electronics s.r.l./SmartLiving SmartLAN/G/SI 10100L

INIM Electronics s.r.l./SmartLiving SmartLAN/G/SI 10100L/G3

INIM Electronics s.r.l./SmartLiving SmartLAN/G/SI 1050

INIM Electronics s.r.l./SmartLiving SmartLAN/G/SI 1050/G3

INIM Electronics s.r.l./SmartLiving SmartLAN/G/SI 505

INIM Electronics s.r.l./SmartLiving SmartLAN/G/SI 515

INIM Electronics s.r.l./SmartLiving SmartLAN/G/SI <=6.0

Published Jan 08, 2026

Tracked Since Feb 18, 2026