Skip to main content

IoT CVE-2025-34023

| EUVDEUVD-2025-18777 HIGH
Path Traversal (CWE-22)
2025-06-20 disclosure@vulncheck.com
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2025-18777
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
PoC Detected
Nov 20, 2025 - 22:15 vuln.today
Public exploit code
CVE Published
Jun 20, 2025 - 19:15 nvd
HIGH 8.5

DescriptionCVE.org

A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

AnalysisAI

CVE-2025-34023 is a path traversal vulnerability in Karel IP1211 IP Phone's web management panel that allows remote authenticated attackers to read arbitrary files from the underlying system via unsanitized input to the /cgi-bin/cgiServer.exx endpoint's page parameter. This vulnerability affects IP phone administrators with network access to the management interface and carries a CVSS 8.5 score reflecting high confidentiality impact. Active exploitation evidence was documented by Shadowserver Foundation on 2025-02-02 UTC, indicating real-world attack activity.

Technical ContextAI

The vulnerability exists in the Karel IP1211 IP Phone's CGI-based web management interface, specifically in the cgiServer.exx endpoint. The vulnerability stems from improper input validation of the 'page' parameter, allowing path traversal sequences (e.g., ../, ..\ or encoded variants) to bypass directory restrictions and traverse the filesystem. This is a classic CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) vulnerability where user-supplied input is used directly in file access operations without proper canonicalization or validation. The IP1211 is a VoIP/IP telephony device that runs embedded Linux or similar firmware; the cgiServer.exx is a C++ CGI application handling HTTP requests to the management web interface typically running on port 80 or 8080. The lack of input sanitization means attackers can construct payloads like '../../etc/passwd' or URL-encoded variants to read sensitive configuration files, credential stores, or system files containing passwords, SSH keys, or network topology information.

Affected ProductsAI

Affected Product: Karel IP1211 IP Phone. Specific component: Web management panel (/cgi-bin/cgiServer.exx endpoint). CPE approximation: cpe:2.3:h:karel:ip1211:-:*:*:*:*:*:*:* (hardware device; firmware versions not specified in CVE description but likely multiple firmware builds are affected given the CGI endpoint vulnerability). Vendor: Karel Electronics (Czech VoIP equipment manufacturer). No specific patched version numbers are provided in the CVE description; vendor advisory details are not included in the provided data. All versions of Karel IP1211 with web management functionality should be considered at risk unless vendor patches are applied.

RemediationAI

Immediate actions: (1) Restrict network access to the Karel IP1211 web management interface—implement firewall rules to limit access to administrative IP ranges only; (2) Change default credentials if not already done; enforce strong, unique administrator passwords; (3) Disable web management access if not required, preferring physical management or VPN-based access. Patch remediation: Contact Karel Electronics directly for firmware updates addressing CVE-2025-34023. Check the vendor's security advisory portal for patches (typical URLs: support.karel.cz or similar). If patches are available, schedule firmware updates following the vendor's procedures (usually requiring device reboot). Workarounds pending patches: (1) Implement Web Application Firewall (WAF) rules to block requests containing '../', '..\', or URL-encoded variants (%2e%2e%2f) in the 'page' parameter; (2) Deploy network segmentation to isolate IP phone management interfaces; (3) Monitor access logs for suspicious path traversal attempts. Long-term: Upgrade to Karel IP phone models with more recent firmware or alternative vendors with demonstrated secure development practices.

More in IoT

View all
CVE-2025-45988 CRITICAL POC
9.8 Jun 13

A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.

CVE-2026-29128 CRITICAL POC
10.0 Mar 05

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

CVE-2025-63624 CRITICAL POC
9.8 Feb 03

Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the

CVE-2026-25139 CRITICAL POC
9.1 Feb 04

RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure o

CVE-2025-5875 HIGH POC
8.8 Jun 09

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available

CVE-2025-48466 HIGH POC
8.1 Jun 24

CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.

CVE-2026-27177 HIGH POC
7.2 Feb 18

MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to in

CVE-2025-7503 CRITICAL
10.0 Jul 11

CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affect

CVE-2025-64090 CRITICAL
10.0 Jan 09

Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.

CVE-2026-1633 CRITICAL
10.0 Feb 04

Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0)

CVE-2025-40805 CRITICAL
10.0 Jan 13

An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with sc

CVE-2025-48890 CRITICAL
9.8 Jun 24

CVE-2025-48890 is a critical OS command injection vulnerability in the miniigd SOAP service affecting WRH-733GBK and WRH

Share

CVE-2025-34023 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy