CVE-2019-25472

HIGH

IntelBras TIP200/TIP200 LITE - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25472. PoCs published by Todor Donev.

AI-analyzed exploit summary This Perl script exploits an arbitrary file read vulnerability in IntelBras TELEFONE IP TIP200/200 LITE firmware 60.61.75.15 via the 'dumpConfigFile' command in the CGI interface. It sends a crafted HTTP GET request to read sensitive files like /etc/shadow without authentication.

Description

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

Exploits (1)

exploitdb WORKING POC
by Todor Donev · perlremotehardware
https://www.exploit-db.com/exploits/47337

This Perl script exploits an arbitrary file read vulnerability in IntelBras TELEFONE IP TIP200/200 LITE firmware 60.61.75.15 via the 'dumpConfigFile' command in the CGI interface. It sends a crafted HTTP GET request to read sensitive files like /etc/shadow without authentication.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15
No auth needed
Prerequisites: network access to the target device
devstral-2 · analyzed Mar 12, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0030
EPSS Percentile 21.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-73
Status published
Products (2)
Intelbras/Telefone IP TIP 200
Intelbras/Telefone IP TIP 200 LITE
Published Mar 11, 2026
Tracked Since Mar 12, 2026