PT-2025-53326 · Rifatron · Rifatron 5Brid Dvr Eh6-504+3

Published

2025-12-24

·

Updated

2025-12-24

·

CVE-2019-25240

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Rifatron 5brid DVR versions HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504
Description The Rifatron 5brid DVR contains a flaw in the animate.cgi script that permits unauthorized access to live video streams. An attacker can leverage the Mobile Web Viewer module to obtain sequential video snapshots by specifying channel numbers, without needing authentication.
Recommendations Apply updates to Rifatron 5brid DVR versions HD6-532/516. Apply updates to Rifatron 5brid DVR versions DX6-516/508/504. Apply updates to Rifatron 5brid DVR versions MX6-516/508/504. Apply updates to Rifatron 5brid DVR versions EH6-504.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-25240

Affected Products

Rifatron 5Brid Dvr Dx6-516/508/504
Rifatron 5Brid Dvr Eh6-504
Rifatron 5Brid Dvr Hd6-532/516
Rifatron 5Brid Dvr Mx6-516/508/504