CVE-2025-1739

Publication date

2025-02-27 12:45:26

Family

INCIBE

State

PUBLISHED

Description

An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrators credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating the application.