PT-2025-8940 · Trivision · Trivision Camera Nc227Wf

Andrea Brosio +1 · Published 2025-02-27 · Updated 2025-02-27 · CVE-2025-1739

CVSS v3.1: 7.1 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Trivision Camera NC227WF version 5.8.0

Description

An authentication bypass issue allows an attacker to retrieve the administrator's credentials in cleartext. A request sent to the "/en/player/activex pal.asp" API endpoint with random credentials is authenticated successfully by the application.

Recommendations

For Trivision Camera NC227WF version 5.8.0, as a temporary workaround, consider restricting access to the "/en/player/activex pal.asp" API endpoint until a patch is available.

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

CVE-2025-1739

Affected Products

Trivision Camera Nc227Wf