High severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026
CVE-2022-4982
CVE-2022-4982
Description
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (frame.html and frame.A100.html) that accept a path parameter (content or sidebar) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.