Multiple vulnerabilities in Trivision Camera NC227WF
Posted date 27/02/2025
Identifier
INCIBE-2025-0107
Importance
4 - High
Affected Resources
Camera NC227WF, version 5.8.0.
Description
INCIBE has coordinated the publication of 2 high severity vulnerabilities affecting Trivision Camera NC227WF, version 5.8.0, which were discovered by Andrea Brosio and Andris Raugulis.
Each vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:
- CVE-2025-1738: CVSS v3.1: 6.2 | CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-598.
- CVE-2025-1739: CVSS v3.1: 7.1 | CVSS vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | CWE-288.
Solution
There is no reported solution at this time.
Detail
- CVE-2025-1738: A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party.
- CVE-2025-1739: An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve the administrator's credentials in cleartext by sending a request to the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating to the application.
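With no fix available, one defensive step is to review access logs from a proxy or gateway placed in front of the camera. The following is an added example, not part of the INCIBE advisory or any vendor code: it flags requests that carry credential-like query parameters (CWE-598), redacts their values, and flags any request to the path named for CVE-2025-1739. The Common Log Format input, the parameter names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Path named in the advisory for CVE-2025-1739.
WATCHED_PATH = "/en/player/activex_pal.asp"
# Assumed credential-like parameter names; the advisory does not list them.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pass"}
# Common Log Format prefix: client ... [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation addresses, made-up login path).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Feb/2025:10:00:01 +0000] '
    '"GET /example/login?user=admin&password=S3cret HTTP/1.1" 200 512',
    '192.0.2.44 - - [27/Feb/2025:10:00:05 +0000] '
    '"GET /en/player/activex_pal.asp HTTP/1.1" 200 2048',
    '192.0.2.10 - - [27/Feb/2025:10:00:09 +0000] '
    '"GET /index.asp HTTP/1.1" 200 1024',
]

def inspect_line(line):
    """Return (line with secrets redacted, list of findings) for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return line, []
    client, method, target, status = m.groups()
    parts = urlsplit(target)
    findings, redacted, hit = [], [], False
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS:
            findings.append(f"CWE-598: credential parameter '{key}' in query string from {client}")
            value, hit = "REDACTED", True
        redacted.append((key, value))
    if parts.path.lower() == WATCHED_PATH:
        findings.append(f"CVE-2025-1739: {method} {WATCHED_PATH} from {client} (status {status})")
    if hit:
        # Rewrite the request target only when a secret was actually present.
        safe_target = parts._replace(query=urlencode(redacted)).geturl()
        line = line.replace(target, safe_target, 1)
    return line, findings

def scan(lines):
    """Inspect every line; return a list of (redacted_line, findings) tuples."""
    return [inspect_line(line) for line in lines]

if __name__ == "__main__":
    for safe_line, findings in scan(SAMPLE_LOG):
        for finding in findings:
            print(finding, "|", safe_line)
```

Redacting at review time does not remove the password from the original log file, browser history or upstream proxies, so any credential found this way should be treated as exposed and rotated.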