CVE-2025-1739

Published Feb 27, 2025

Last updated a month ago

CVSS high 7.1

Overview

Description
An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating the application.
Source
cve-coordination@incibe.es
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity
HIGH

Weaknesses

cve-coordination@incibe.es
CWE-288

Social media

Hype score
Not currently trending

  1. CVE-2025-1739 An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve admin… https://t.co/43DBOSb9UL

    @CVEnew

    27 Feb 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References