Unauthenticated Configuration Disclosure in Tellion HN-2204AP Routers
CVE-2019-25227

8.7HIGH

Key Information:

Vendor

Tellion, Inc.

Status
Hn-2204ap Router
Vendor
CVE Published:
26 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2019-25227?

The Tellion HN-2204AP routers exhibit a critical flaw in their configuration management system, where an unauthenticated user can access sensitive configuration data via the /cgi-bin/system_config_file endpoint. This security lapse permits remote attackers to download a compressed archive of configuration settings, potentially exposing administrative credentials, wireless keys, and other critical network configurations. Such exposure not only jeopardizes the integrity of the device but may also lead to further compromises within the connected network.

Affected Version(s)

HN-2204AP Router 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-25227 - Proof of Concept

References

https://packetstorm.news/files/id/154752/
exploit
https://web.archive.org/web/20190525010559/https://www.te...
product
https://www.vulncheck.com/advisories/tellion-hn2204ap-una...
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Todor Donev
JSON
.
CVE-2019-25227 : Unauthenticated Configuration Disclosure in Tellion HN-2204AP Routers