CVE-2019-25227

Vulnerability Description

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration may include administrative credentials, wireless keys, and other sensitive settings, enabling an unauthenticated attacker to obtain information that can facilitate further compromise of the device or network.

Related Weaknesses (CWE)

References

• https://packetstorm.news/files/id/154752/
• https://web.archive.org/web/20190525010559/https://www.tellion.com/
• https://www.vulncheck.com/advisories/tellion-hn2204ap-unauthenticated-config-dis

FAQ

What is CVE-2019-25227?

CVE-2019-25227 is a documented vulnerability. Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed...

How severe is CVE-2019-25227?

CVSS scoring is not yet available for CVE-2019-25227. Check NVD for updates.

Is there a patch for CVE-2019-25227?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.