CVE-2019-25240
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rifatron Co., Ltd. | DVR | 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) | affected |
| Rifatron Co., Ltd. | DVR | 7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2) | affected |
| Rifatron Co., Ltd. | DVR | Firmware: <=8.0 (000143) | affected |
Weaknesses
- CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
- https://www.exploit-db.com/exploits/47368
References
- https://www.exploit-db.com/exploits/47368
- http://www.rifatron.com
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.