- Description
- A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences (e.g., ../../). This can expose sensitive files such as /etc/passwd and /etc/shadow.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.5
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- disclosure@vulncheck.com
- CWE-22
CVE-2025-34023 Path Traversal in Karel IP1211 IP Phone Web Management Pa... https://t.co/ySBEspAwak Don't wait for vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
21 Jun 2025
[CVE-2025-34023: HIGH] Vulnerability alert: Karel IP1211 IP Phone's web management panel is compromised due to path traversal flaw, enabling attackers to access sensitive system files remotely. #cve, CVE-2025-34023, #cybersecurity https://t.co/yGt1D11XP3 https://t.co/mjmWkybDHf
@CveFindCom
20 Jun 2025