CVE-2022-4982

UNKNOWN 0.0

DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.

CWE	CWE-98 CWE-22
Vendor	dbl technology (dbltek)
Product	goip-1
Published	Nov 12, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for dbl technology (dbltek) goip-1

Be the first to know when new unknown vulnerabilities affecting dbl technology (dbltek) goip-1 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

DBL Technology (DBLTek) / GoIP-1

0 ≤ GHSFVT-1.1-67-5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

shufflingbytes.com: https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/ exploit-db.com: https://www.exploit-db.com/exploits/50775 dbltek.com: http://www.dbltek.com/ vulncheck.com: https://www.vulncheck.com/advisories/dbltek-goip-unauthenticated-lfi

Credits

Valtteri Lehtinen Lassi Korhonen