CVE-2025-34058
BaseFortify
Publication date: 2025-07-01
Last updated on: 2025-07-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-521 | The product does not require that users should have strong passwords. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Hikvision Streaming Media Management Server version 2.3.5. It occurs because the server uses default credentials (admin/12345), allowing remote attackers to authenticate without authorization. After logging in with these default credentials, an attacker can exploit a path traversal vulnerability in the /systemLog/downFile.php endpoint by manipulating the fileName parameter. This allows the attacker to read arbitrary files on the server, potentially accessing sensitive system files. [1, 2]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive files on the affected server. Attackers can read arbitrary files, which may include configuration files, credentials, or other sensitive information. This can result in information disclosure, compromise of system integrity, and further exploitation of the affected system or network. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the Hikvision Streaming Media Management Server's management interface using the default credentials (admin/12345). You can scan your network for devices with the title "流媒体管理服务器" using the FOFA search engine or similar network scanning tools. Once a device is identified, you can try to authenticate with the default credentials. To confirm the vulnerability, intercept a request to the endpoint /systemLog/downFile.php and modify the fileName parameter with a path traversal payload such as ../../../../../../../windows/system32/drivers/etc/hosts to see if arbitrary files can be read. Tools like BurpSuite can be used to intercept and modify HTTP requests. Additionally, a Python script can automate sending crafted GET requests to test for file read capability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing the default credentials (admin/12345) to a strong, unique password to prevent unauthorized access. Restrict network access to the Hikvision Streaming Media Management Server to trusted users only, ideally by firewall rules or network segmentation. Disable or restrict access to the /systemLog/downFile.php endpoint if possible. Monitor logs for suspicious access attempts. Applying any available patches or updates from Hikvision that address this vulnerability is also recommended. [1, 2]