ByteOS Network

NVD Vulnerability Details :

CVE-2019-25246

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-24 Dec, 2025 | 20:15

Updated At-29 Dec, 2025 | 15:58

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and /etc/issue by supplying absolute file paths.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.1	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-22	Secondary	disclosure@vulncheck.com

CWE ID: CWE-22

Type: Secondary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://www.beward.net	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/46320	disclosure@vulncheck.com	N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5511.php	disclosure@vulncheck.com	N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5511.php	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A