CVE-2019-25290
INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
| CWE | CWE-918 |
| Vendor | inim electronics s.r.l. |
| Product | smartliving smartlan/g/si |
| Published | Jan 7, 2026 |
| Last Updated | Mar 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for inim electronics s.r.l. smartliving smartlan/g/si
Be the first to know when new medium vulnerabilities affecting inim electronics s.r.l. smartliving smartlan/g/si are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
INIM Electronics s.r.l. / Smartliving SmartLAN/G/SI
<=6.0 505 515 1050 1050/G3 10100L 10100L/G3
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php exploit-db.com: https://www.exploit-db.com/exploits/47764 packetstormsecurity.com: https://packetstormsecurity.com/files/155617 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/172839 inim.biz: https://www.inim.biz/
Credits
Sipke Mellema