PT-2025-8940 · Trivision · Trivision Camera Nc227Wf

Andrea Brosio +1 · Published 2025-02-27 · Updated 2025-02-27 · CVE-2025-1739

CVSS v3.1: 7.1 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Trivision Camera NC227WF version 5.8.0

Description: An authentication bypass issue allows an attacker to retrieve the administrator's credentials in cleartext. This is achieved by sending a request with random credentials to the "/en/player/activex pal.asp" API endpoint, which results in successful authentication to the application.

Recommendations: For Trivision Camera NC227WF version 5.8.0, as a temporary workaround, consider restricting access to the "/en/player/activex pal.asp" API endpoint until a patch is available.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related identifiers

CVE-2025-1739

Affected products

Trivision Camera Nc227Wf