CVE-2018-25130
6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Beward R&D Co., Ltd | BEWARD Intercom | 2.3.1.34471 | affected |
| Beward R&D Co., Ltd | BEWARD Intercom | 2.3.0 | affected |
| Beward R&D Co., Ltd | BEWARD Intercom | 2.2.11 | affected |
| Beward R&D Co., Ltd | BEWARD Intercom | 2.2.10.5 | affected |
| Beward R&D Co., Ltd | BEWARD Intercom | 2.2.9 | affected |
| Beward R&D Co., Ltd | BEWARD Intercom | 2.2.8.9 | affected |
| Beward R&D Co., Ltd | BEWARD Intercom | 2.2.7.4 | affected |
Weaknesses
- CWE-256: Plaintext Storage of a Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://www.exploit-db.com/exploits/46267
- https://www.beward.net
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.