CVE-2019-25290

MEDIUM

Smartliving SmartLAN/G/SI <=6.x - SSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25290. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Inim Electronics Smartliving SmartLAN 6.x. The vulnerability allows an attacker to force the application to make arbitrary HTTP requests via the 'host' parameter in the GetImage functionality.

Description

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · hardware
https://www.exploit-db.com/exploits/47764

Classification: Working PoC 90%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Inim Electronics Smartliving SmartLAN/G/SI <=6.x
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php
Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/47764
Exploit, Third Party Advisory: https://packetstormsecurity.com/files/155617
Third Party Advisory, VDB Entry: https://exchange.xforce.ibmcloud.com/vulnerabilities/172839
Various Sources (product): https://www.inim.biz/

Scores

CVSS v3 5.3
EPSS 0.0032
EPSS Percentile 23.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (7)
INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 10100L
INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 10100L/G3
INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 1050
INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 1050/G3
INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 505
INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 515
INIM Electronics s.r.l./Smartliving SmartLAN/G/SI <=6.0
Published Jan 08, 2026
Tracked Since Feb 18, 2026