CVE-2025-5113 | THREATINT

Description

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.

Reserved 2025-05-23 | Published 2025-06-02 | Updated 2025-06-02 | Assigner ONEKEY

HIGH: 8.6CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Timeline

2025-03-04:	Notification email sent to sales@diviotec.com
2025-04-15:	Notification email sent to sales@diviotec.com, support@diviotec.com, security@diviotec.com, psirt@diviotec.com, csirt@diviotec.com
2025-04-27:	Notification email sent to sales@diviotec.com, support@diviotec.com, security@diviotec.com, psirt@diviotec.com, csirt@diviotec.com, and Nexcom personal emails

Credits

ONEKEY Research Labs finder

References

www.onekey.com/...cution-on-diviotec-ip-camera-cve-2025-5113 third-party-advisory

cve.org (CVE-2025-5113)

nvd.nist.gov (CVE-2025-5113)

Download JSON