IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile

Advisories

IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile

severity: high
date: 3/11/2026
Affecting: Telefone IP TIP 200 <= *
Telefone IP TIP 200 LITE <= *
CVE: CVE-2019-25472
CWE: CWE-73 External Control of File Name or Path
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-47337
Intelbras Product Documentation
Credit: Todor Donev
Description: IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo