CVE-2025-3403

Summary

A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
VivotekNVR ND8422P2.4.0.204affected
VivotekNVR ND8422P3.3.0.104affected
VivotekNVR ND8422P4.2.0.101affected
VivotekNVR ND9525P2.4.0.204affected
VivotekNVR ND9525P3.3.0.104affected
VivotekNVR ND9525P4.2.0.101affected
VivotekNVR ND9541P2.4.0.204affected
VivotekNVR ND9541P3.3.0.104affected
VivotekNVR ND9541P4.2.0.101affected

Weaknesses

  • CWE-540: Inclusion of Sensitive Information in Source Code
  • CWE-200: Information Disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References