CVE-2019-25246 Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and...

CVE-2019-25247

The CVE-2019-25247 entry applies to the Beward N100 H.264 VGA IP Camera (M2.1.6). The vulnerability is a cross-site request forgery (CSRF) that lets an attacker trigger administrative actions by deceiving a logged-in user with a malicious page (hidden form to add an admin). Root cause: lack of pr...

CVE-2019-25246 Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and...

CVE-2019-25247 Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability

Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into...

CVE-2019-25236

The CVE-2019-25236 issue affects the iSeeQ Hybrid DVR WH-H4 (version 1.03R). The vulnerability lies in the get_jpeg CGI endpoint (/cgi-bin/get_jpeg), which allows unauthenticated retrieval of live video snapshots from specific camera channels. This exposes video streams without authentication, le...

CVE-2018-25139

CVE-2018-25139 affects the FLIR AX8 Thermal Camera (firmware 1.32.16). The vulnerability allows unauthenticated remote access to live RTSP streams, enabling attackers to view and record thermal footage without credentials. Demonstrated use via RTSP clients (e.g., VLC/FFmpeg) is noted in sources. ...

CVE-2018-25139 FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...

CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2022-50757

In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is required to return the received buffers, if streaming can not be started. For instance mediapipelinestart may fail with EPIPE, if a link validation betwee...

CVE-2022-50759

The CVE-2022-50759 issue affects Linux kernel media: i2c: ov5648, where the V4L2 fwnode data structure isn’t freed on unbind, causing a memory leak. The vulnerability, now resolved, is described across multiple sources as the V4L2 fwnode data not being freed on unbind, with patch references in st...

Beward N100 安全漏洞

Beward N100 is an IP video codec from the Russian open source Beward. A security vulnerability exists in Beward N100 H.264 VGA IP Camera version M2.1.6, which stems from insufficient validation of the READ.filePath parameter and could lead to the disclosure of arbitrary files...

PT-2025-53358

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

FLIR AX8 Thermal Camera 安全漏洞

FLIR AX8 Thermal Camera is a monitoring thermal imaging sensor from FLIR, Inc. A security vulnerability exists in the FLIR AX8 Thermal Camera version 1.32.16, which stems from the presence of hard-coded SSH and web panel credentials that could lead to unauthorized access...

PT-2025-53359

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...

Beward N100 安全漏洞

Beward N100 is an IP camera from the Russian company Beward. A security vulnerability exists in Beward N100 version M2.1.6, which stems from a lack of proper request validation and could lead to a cross-site request forgery attack...

PT-2025-53333

Name of the Vulnerable Software and Affected Versions Beward N100 H.264 VGA IP Camera version M2.1.6 Description The Beward N100 H.264 VGA IP Camera version M2.1.6 contains a cross-site request forgery issue. This allows attackers to perform administrative actions without proper validation of...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

EUVD-2025-204762

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical...

📄 GALAYOU G2 IP Camera Authentication Bypass

A critical authentication bypass vulnerability exists in the RTSP service of the GALAYOU G2 IP camera. The device exposes multiple RTSP stream endpoints that can be accessed without valid credentials, even when authentication is enabled...