CVE-2019-25291

HIGH

INIM Electronics Smartliving SmartLAN/G/SI <=6.x - Info Disclosure

Title source: llm

Description

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalhardware

https://www.exploit-db.com/exploits/47763

View Code ZIP pw:eip

References (5)

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47763

[Exploit, Third Party Advisory] https://packetstormsecurity.com/files/155618

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/172838

[Various Sources] https://www.inim.biz/

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (7)

INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 10100L

INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 10100L/G3

INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 1050

INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 1050/G3

INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 505

INIM Electronics s.r.l./Smartliving SmartLAN/G/SI 515

INIM Electronics s.r.l./Smartliving SmartLAN/G/SI <=6.0

Published Jan 08, 2026

Tracked Since Feb 18, 2026