Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Hisilicon HiIpcam V100R003: Unauthenticated Access to Sensitive Configuration Files
CVE-2019-25465
Summary
An attacker can access sensitive information like usernames and passwords without needing a login. This is a concern because it could allow an unauthorized person to gain access to your network. To fix this, update the HiIpcam software to the latest version.
Original title
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin ...
Original description
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-260
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026