TrivisionSecurity Trivision Camera NC227WF up to 5.7.x activex_pal.asp authentication bypass
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in TrivisionSecurity Trivision Camera NC227WF up to 5.7.x. It has been classified as critical. Impacted is an unknown function of the file /en/player/activex_pal.asp. This manipulation causes authentication bypass. This vulnerability is handled as CVE-2025-1739. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.
Details
A vulnerability has been found in TrivisionSecurity Trivision Camera NC227WF up to 5.7.x and classified as critical. Affected by this vulnerability is an unknown code block of the file /en/player/activex_pal.asp. The manipulation with an unknown input leads to a authentication bypass vulnerability. The CWE definition for the vulnerability is CWE-288. A product requires authentication, but the product has an alternate path or channel that does not require authentication. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating the application.
The weakness was released by Andris Raugulis. The advisory is shared at incibe.es. This vulnerability is known as CVE-2025-1739 since 02/27/2025. The exploitation appears to be easy. Access to the local network is required for this attack. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.
By approaching the search of inurl:en/player/activex_pal.asp it is possible to find vulnerable targets with Google Hacking.
Upgrading to version 5.8.0 eliminates this vulnerability.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.7VulDB Meta Temp Score: 6.5
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 7.1
CNA Vector (INCIBE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Authentication bypassCWE: CWE-288 / CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Trivision Camera NC227WF 5.8.0
Timeline
02/27/2025 🔍02/27/2025 🔍
02/27/2025 🔍
02/27/2025 🔍
Sources
Advisory: incibe.esResearcher: Andris Raugulis
Status: Confirmed
CVE: CVE-2025-1739 (🔍)
GCVE (CVE): GCVE-0-2025-1739
GCVE (VulDB): GCVE-100-297841
Entry
Created: 02/27/2025 14:36Changes: 02/27/2025 14:36 (65)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.