CVE-2019-25236
Unauthenticated Access to Live Video in iSeeQ Hybrid DVR
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| php | php | 7.0.22 |
| boa | boa | 0.94.13 |
| iseeq | hybrid_dvr_wh-h4 | 2.0.0.p |
| iseeq | hybrid_dvr_wh-h4 | 1.03r |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in iSeeQ Hybrid DVR WH-H4 versions 1.03R and 2.0.0.P involves an unauthenticated access flaw in the 'get_jpeg' script. Attackers can send requests to the /cgi-bin/get_jpeg endpoint specifying a camera channel and retrieve live video snapshots without any authentication or authorization. This allows unauthorized users to access live video streams from the DVR, potentially compromising the privacy and security of the surveillance system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of live video streams from the affected DVR device. Attackers can obtain live snapshots and even compile them into video clips, thereby compromising the privacy and security of monitored areas. This unauthorized access could expose sensitive information and surveillance footage to malicious actors without any authentication barriers. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending HTTP requests to the endpoint `/cgi-bin/get_jpeg?ch=<CHANNEL>` on the target DVR device. If the device is vulnerable, it will return JPEG snapshots of the live video stream without requiring authentication. A proof-of-concept bash script is available that automates this detection by collecting sequential JPEG snapshots and checking the HTTP status of `/cgi-bin/php/login.php`; if this returns 404, the target is considered not vulnerable. The detection involves using commands like `curl` or `wget` to request `/cgi-bin/get_jpeg?ch=1` (or other channel numbers) and checking for valid JPEG responses. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to access live video streams and snapshots without authorization, potentially compromising the privacy and security of surveillance data. This unauthorized disclosure of sensitive video data could lead to non-compliance with privacy regulations such as GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the vulnerable DVR device, especially blocking external access to the /cgi-bin/get_jpeg endpoint to prevent unauthorized requests. Additionally, monitor and audit network traffic for suspicious requests to this endpoint. If possible, update the device firmware or software to a version that patches this vulnerability or apply any vendor-provided security updates. If no patch is available, consider isolating the device on a secure network segment to limit exposure. [1, 2]