QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34023

Published: Jun 20, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

Vendor	Product	Versions
Karel	Karel IP Phone IP1211	unknown `0`

Weaknesses (CWE)

References

https://web.archive.org/web/20201020023943/https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon

product

https://cxsecurity.com/issue/WLB-2020100038

third-party-advisory

exploit

https://www.exploit-db.com/exploits/48857

third-party-advisory

exploit

https://vulncheck.com/advisories/selea-targa-ip-camera-path-traversal

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.