CVE-2025-34023

Karel IP Phone IP1211 Path Traversal

CVSS 8.5 HIGHEPSS 1.4%CWE-22

A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Productos afectados

Karel · Karel IP Phone IP1211

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cxsecurity.com/issue/WLB-2020100038 https://vulncheck.com/advisories/selea-targa-ip-camera-path-traversal https://web.archive.org/web/20201020023943/https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon https://www.exploit-db.com/exploits/48857