{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25472", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-22T14:43:03.387Z", "datePublished": "2026-03-11T18:23:15.474Z", "dateUpdated": "2026-04-07T14:04:29.982Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:04:29.982Z"}, "title": "IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path", "type": "CWE"}]}], "affected": [{"vendor": "Intelbras", "product": "Telefone IP TIP 200", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}, {"vendor": "Intelbras", "product": "Telefone IP TIP 200 LITE", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.</p>"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/47337", "name": "ExploitDB-47337", "tags": ["exploit"]}, {"url": "https://backend.intelbras.com/sites/default/files/integration/lamina_tip-200-lite_e_tip-200.pdf", "name": "Intelbras Product Documentation", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/intelbras-telefone-ip-tip200-200-lite-arbitrary-file-read-via-dumpconfigfile", "name": "VulnCheck Advisory: IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Todor Donev", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-09-02T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25472", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:46:47.213472Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:31:02.474Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25472", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:46:47.213472Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:22:52.576Z"}}], "cna": {"title": "IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Todor Donev"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Intelbras", "product": "Telefone IP TIP 200", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}, {"vendor": "Intelbras", "product": "Telefone IP TIP 200 LITE", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.exploit-db.com/exploits/47337", "name": "ExploitDB-47337", "tags": ["exploit"]}, {"url": "https://backend.intelbras.com/sites/default/files/integration/lamina_tip-200-lite_e_tip-200.pdf", "name": "Intelbras Product Documentation", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/intelbras-telefone-ip-tip200-200-lite-arbitrary-file-read-via-dumpconfigfile", "name": "VulnCheck Advisory: IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.", "supportingMedia": [{"type": "text/html", "value": "<p>IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-11T21:44:07.795Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25472", "state": "PUBLISHED", "dateUpdated": "2026-03-11T21:44:07.795Z", "dateReserved": "2026-02-22T14:43:03.387Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-11T18:23:15.474Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization."}], "id": "CVE-2019-25472", "lastModified": "2026-03-12T21:08:22.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-11T19:16:01.007", "references": [{"source": "disclosure@vulncheck.com", "url": "https://backend.intelbras.com/sites/default/files/integration/lamina_tip-200-lite_e_tip-200.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/47337"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/intelbras-telefone-ip-tip200-200-lite-arbitrary-file-read-via-dumpconfigfile"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Telefone IP TIP 200", "source": "cna", "vendor": "Intelbras"}, "product": "telefone_ip_tip_200", "vendor": "intelbras"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Telefone IP TIP 200 LITE", "source": "cna", "vendor": "Intelbras"}, "product": "telefone_ip_tip_200_lite", "vendor": "intelbras"}], "analysis": {"en": {"generated_at": "2026-03-17T15:07:59.308011+00:00", "value": {"mitigation_remediation": ["Check the Intelbras website or customer portal for an official firmware update or patch that addresses CVE-2019-25472", "Apply the identified patch or firmware upgrade to the affected Telefone IP TIP 200 or 200 LITE devices"], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The affected products are Intelbras Telefone IP TIP 200 and Intelbras Telefone IP TIP 200 LITE. No specific firmware or model version information is provided, so the flaw is presumed to exist across the reported variants of these devices.", "description_and_impact": "Intelbras Telefone IP TIP 200 and TIP 200 LITE expose a vulnerability that allows unauthenticated remote attackers to read any file on the device through the dumpConfigFile function accessed via the cgiServer.exx endpoint. This directly results in loss of confidentiality for configuration files and credentials such as /etc/shadow. The weakness is a classic absolute path traversal (CWE\u201173).", "risk_and_exploitability": "The base CVSS score of 8.7 indicates high severity. An EPSS score of less than 1% suggests that exploitation has been uncommon, and the flaw is not listed in CISA\u2019s KEV catalog. Attackers can exploit the issue by sending a simple GET request to /cgi-bin/cgiServer.exx with the command parameter set to dumpConfigFile(), requiring only network reachability to the device and no authentication."}}}}, "created": "2026-03-12T09:57:12.570505+00:00", "updated": "2026-03-20T15:29:47.178695+00:00", "vendors": ["intelbras", "intelbras$PRODUCT$telefone_ip_tip_200", "intelbras$PRODUCT$telefone_ip_tip_200_lite"]}