CVE-2025-34023 Information
Jun 21, 2025
cve
Description
A path traversal vulnerability exists in the Karel IP1211 IP Phone’s web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences (e.g. ../../). This can expose sensitive files such as /etc/passwd and /etc/shadow.
Reference
https://cxsecurity.com/issue/WLB-2020100038 https://vulncheck.com/advisories/selea-targa-ip-camera-path-traversal https://web.archive.org/web/20201020023943/https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon https://www.exploit-db.com/exploits/48857
Related CNNVD
CNNVD-202506-2810 (Published: 2025-06-20)
Share on: