CVE-2025-1739 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating the application.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-288

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-triv

FAQ

What is CVE-2025-1739?

CVE-2025-1739 is a vulnerability with a CVSS score of 7.1 (HIGH). An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleart...

How severe is CVE-2025-1739?

CVE-2025-1739 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-1739?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.