CVE-2025-1739 Information

Mar 01, 2025 cve

Description

An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator’s credentials in cleartext by sending a request against the server using curl with random credentials to /en/player/activex_pal.asp\ and successfully authenticating the application.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-trivision-camera-nc227wf An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator’s credentials in cleartext by sending a request against the server using curl with random credentials to /en/player/activex_pal.asp
and successfully authenticating the application.

Share on: