CVE-2025-10264

Summary

Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.

Affected Software

VendorProductVersion RangeStatus
DigieverDS-12000 <= *.*.*.78affected
DigieverDS-2100 Pro0 <= *.*.*.78affected
DigieverDS-2100 Pro+0 <= *.*.*.78affected
DigieverDS-2100 UHD0 <= *.*.*.78affected
DigieverDS-2200 UHD0 <= *.*.*.78affected
DigieverDS-2200 UHD+0 <= *.*.*.78affected
DigieverDS-4200 Pro0 <= *.*.*.78affected
DigieverDS-4200 Pro+0 <= x.x.x.78affected
DigieverDS-4200 UHD0 <= x.x.x.78affected
DigieverDS-4200 UHD+0 <= x.x.x.78affected
DigieverDS-4100-RM0 <= x.x.x.78affected
DigieverDS-4200-RM Pro+0 <= x.x.x.78affected
DigieverDS-4200-RM UHD0 <= x.x.x.78affected
DigieverDS-8x00-RM Pro+0 <= x.x.x.78affected
DigieverDS-8x00-SRM Pro+0 <= x.x.x.78affected
DigieverDS-8x00-RM UHD0 <= x.x.x.78affected
DigieverDS-16x00-RM Pro+0 <= x.x.x.78affected
DigieverDS-16x00-RM UHD0 <= x.x.x.78affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References