Home
Description
Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.
PUBLISHED Reserved 2025-09-11 | Published 2025-09-12 | Updated 2025-09-12 | Assigner twcert
CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Problem types
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
Product status
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
References
www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html third-party-advisory
www.twcert.org.tw/en/cp-139-10376-a057c-2.html third-party-advisory
cve.org
(CVE-2025-10264)
nvd.nist.gov
(CVE-2025-10264)
Download JSON
