Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-25130

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-24 Dec, 2025 | 19:27
Updated At-24 Dec, 2025 | 20:27
Rejected At-
Credits

Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:24 Dec, 2025 | 19:27
Updated At:24 Dec, 2025 | 20:27
Rejected At:
▼CVE Numbering Authority (CNA)
Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.

Affected Products
Vendor
Beward R&D Co., Ltd
Product
BEWARD Intercom
Versions
Affected
  • 2.3.1.34471
  • 2.3.0
  • 2.2.11
  • 2.2.10.5
  • 2.2.9
  • 2.2.8.9
  • 2.2.7.4
Problem Types
TypeCWE IDDescription
CWECWE-256Plaintext Storage of a Password
Type: CWE
CWE ID: CWE-256
Description: Plaintext Storage of a Password
Metrics
VersionBase scoreBase severityVector
4.06.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
LiquidWorm as Gjoko Krstic of Zero Science Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/46267
exploit
https://www.beward.net
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/46267
Resource:
exploit
Hyperlink: https://www.beward.net
Resource:
product
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php
exploit
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:24 Dec, 2025 | 20:15
Updated At:29 Dec, 2025 | 15:58

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-256Secondarydisclosure@vulncheck.com
CWE ID: CWE-256
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.beward.netdisclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/46267disclosure@vulncheck.com
N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.phpdisclosure@vulncheck.com
N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://www.beward.net
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/46267
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2025-25727
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 00:00
Updated-19 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to store passwords in cleartext.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2025-11193
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-03 Nov, 2025 | 21:40
Updated-04 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Tab M11 TB330FU TB330XUTab M9 TB310FU TB310XUTab K9 TB305FUTab M10 5G TB360ZUTab P11 2nd Gen TB350XU TB350FUTab M8 4th Gen 2024 TB301FU TB301XUTab Plus TB520FUTab One TB305FUXUTab K9 TB305XUTab P12 TB370FU TB372FUTab Extreme TB570ZU TB570FUYoga Tab Plus TB520FUIdea Tab Pro TB373FUTab K11 TB330FU TB330FUP TB330XU TB330XUPTab WiFi 5GTab K11 Plus LTE TB352FU TB352XUTab WIFITab M8 4th Gen TB300FU TB300XUTab K11 Plus WIFI TB352FU
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2024-21869
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 23:31
Updated-15 May, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Plaintext Storage of a Password in Rapid SCADA

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.

Action-Not Available
Vendor-rapidscadaRapid Software LLC
Product-rapid_scadaRapid SCADA
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-50945
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 15:43
Updated-11 Mar, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Licensing information disclosure

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixcommon_licensinglinux_kernelwindowsCommon Licensing
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-19105
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:35
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials

The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.

Action-Not Available
Vendor-Busch-Jaeger (ABB)ABB
Product-6186\/11_firmware6186\/11tg\/s3.2tg\/s3.2_firmware6186/11 Telefon-Gateway TG/S 3.2 Telephone Gateway
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-41732
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.30%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 16:30
Updated-25 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo information disclosure

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Mobile
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
Details not found