Home

Description

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.

PUBLISHED Reserved 2025-05-23 | Published 2025-06-02 | Updated 2025-06-02 | Assigner ONEKEY




HIGH: 8.6CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Timeline

2025-03-04:Notification email sent to sales@diviotec.com
2025-04-15:Notification email sent to sales@diviotec.com, support@diviotec.com, security@diviotec.com, psirt@diviotec.com, csirt@diviotec.com
2025-04-27:Notification email sent to sales@diviotec.com, support@diviotec.com, security@diviotec.com, psirt@diviotec.com, csirt@diviotec.com, and Nexcom personal emails

Credits

ONEKEY Research Labs finder

References

www.onekey.com/...cution-on-diviotec-ip-camera-cve-2025-5113 third-party-advisory

cve.org (CVE-2025-5113)

nvd.nist.gov (CVE-2025-5113)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.