CVE-2025-3403

Name of the Vulnerable Software and Affected Versions: Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P versions 2.4.0.204/3.3.0.104/4.2.0.101

Description: A vulnerability was found in the HTML Form Handler component of Vivotek NVR devices. The manipulation leads to the inclusion of sensitive information in the source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.