CVE-2018-25130

Summary

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.

Affected Software

VendorProductVersion RangeStatus
Beward R&D Co., LtdBEWARD Intercom2.3.1.34471affected
Beward R&D Co., LtdBEWARD Intercom2.3.0affected
Beward R&D Co., LtdBEWARD Intercom2.2.11affected
Beward R&D Co., LtdBEWARD Intercom2.2.10.5affected
Beward R&D Co., LtdBEWARD Intercom2.2.9affected
Beward R&D Co., LtdBEWARD Intercom2.2.8.9affected
Beward R&D Co., LtdBEWARD Intercom2.2.7.4affected

Weaknesses

  • CWE-256: Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References