CVE-2022-4982

HIGH EXPLOITED

DBLTek GoIP-1 <GHSFVT-1.1-67-5 - Local File Inclusion

Title source: llm

Exploitation Summary

CVE-2022-4982 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Valtteri Lehtinen.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Dbltek GoIP devices, allowing unauthorized access to sensitive files such as /etc/passwd and configuration files containing credentials. The PoC provides specific URLs to exploit the vulnerability without requiring authentication.

Description

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.

Exploits (1)

exploitdb WORKING POC

by Valtteri Lehtinen · textwebappshardware

https://www.exploit-db.com/exploits/50775

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Dbltek GoIP devices, allowing unauthorized access to sensitive files such as /etc/passwd and configuration files containing credentials. The PoC provides specific URLs to exploit the vulnerability without requiring authentication.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Dbltek GoIP-1 (firmware version GHSFVT-1.1-67-5)

No auth needed

Prerequisites: Device must be accessible on the network · Configuration file must be backed up for config.dat retrieval

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources technical-description exploit

https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/50775

Various Sources product

http://www.dbltek.com/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/dbltek-goip-unauthenticated-lfi

Scores

CVSS v4 8.7

EPSS 0.0043

EPSS Percentile 34.0%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-11-12

CWE

CWE-22 CWE-98

Status published

Products (1)

DBL Technology (DBLTek)/GoIP-1 < GHSFVT-1.1-67-5

Published Nov 12, 2025

Tracked Since Feb 18, 2026