INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability

Advisories

severity: critical
date: January 7, 2026
Affecting: Smartliving SmartLAN/G/SI <=6.x, 505, 515, 1050, 1050/G3, 10100L, 10100L/G3
CVE: CVE-2019-25291
CWE: CWE-798 Use of Hard-coded Credentials
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Zero Science Lab Vulnerability Advisory
Exploit Database Entry 47763
Packet Storm Security Exploit File
IBM X-Force Vulnerability Exchange Entry
INIM Vendor Homepage
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.