Security Advisory

CVE-2019-25436

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-20 22:54:49

Last updated 2026-04-07 14:04:01

Assigner VulnCheck

State PUBLISHED

Description

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.

← Browse all CVEs View on cve.org ↗