CVE-2019-25240
Unauthenticated Access in Rifatron 5brid DVR Live Streams
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boa | boa_web_server | 0.94.14rc21 |
| rifatron | embedded_linux | * |
| rifatron | 5brid_dvr | * |
| rifatron | 7brid_dvr | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated access to live video streams from surveillance DVRs, exposing sensitive video data without authorization. This unauthorized exposure of potentially personal or sensitive surveillance footage could lead to non-compliance with privacy regulations such as GDPR and HIPAA, which require protection of personal and sensitive information. Organizations using affected devices in sectors like government, banking, hospitality, retail, education, and industrial environments may face compliance risks due to this exposure. [1, 3]
Can you explain this vulnerability to me?
CVE-2019-25240 is a vulnerability in Rifatron 5brid and 7brid DVR devices where the animate.cgi script in the Mobile Web Viewer module allows attackers to access live video streams without any authentication. By specifying channel numbers in HTTP requests to this script, unauthorized users can retrieve sequential video snapshots and compile them into live video streams, exposing sensitive surveillance footage. [1, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to live surveillance video streams, exposing sensitive video footage without requiring any credentials. This poses significant privacy and security risks, especially in environments using these DVRs for CCTV and video surveillance such as government, banking, hospitality, retail, education, and industrial sectors. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending HTTP requests to the device and checking whether it answers without authentication. First, verify the existence of the 'mobile_viewer_login.html' page on the device. Then, attempt to access the 'animate.cgi' script with a specified channel parameter to retrieve live video snapshots without authentication. A proof-of-concept script (idss_stream.sh) exists that automates this process. For manual detection, you can use curl or wget to request these pages and endpoints. For example, use 'curl http://<target-ip>/mobile_viewer_login.html' to check for the login page, and 'curl http://<target-ip>/cgi-bin/animate.cgi?channel=1' to attempt to retrieve a snapshot from channel 1. Multiple snapshots can be requested sequentially to confirm vulnerability. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected DVR devices, especially blocking external or untrusted network access to the web interface serving the animate.cgi script. Implement network-level controls such as firewalls or VPNs to limit access only to authorized users. If possible, update the device firmware to a version that patches this vulnerability or contact the vendor for security updates. Additionally, monitor network traffic for suspicious requests to the animate.cgi endpoint and consider disabling the Mobile Web Viewer module if it is not required. [1, 3]
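The monitoring step above, as an added example that is not part of the original page: a Python check that scans HTTP logs from a proxy or firewall in front of the DVR and reports clients that repeatedly received successful animate.cgi responses with no authenticated user. The Common Log Format input, the sample lines and the hit threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed input: Common Log Format
# host ident authuser [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_unauth_stream_pulls(lines, min_hits=3):
    """Return {client: {"hits": n, "channels": [...]}} for clients that got
    at least min_hits HTTP 200 responses from animate.cgi with authuser '-'."""
    seen = defaultdict(lambda: {"hits": 0, "channels": set()})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed or non-CLF line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/animate.cgi"):
            continue  # only the snapshot script named in the advisory
        if m["status"] != "200" or m["user"] != "-":
            continue  # rejected request, or an authenticated session
        entry = seen[m["host"]]
        entry["hits"] += 1
        entry["channels"].update(parse_qs(url.query).get("channel", []))
    return {
        host: {"hits": e["hits"], "channels": sorted(e["channels"])}
        for host, e in seen.items()
        if e["hits"] >= min_hits
    }

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2025:10:00:01 +0000] "GET /mobile_viewer_login.html HTTP/1.1" 200 1843',
    '203.0.113.7 - - [24/Dec/2025:10:00:02 +0000] "GET /cgi-bin/animate.cgi?channel=1 HTTP/1.1" 200 15200',
    '203.0.113.7 - - [24/Dec/2025:10:00:03 +0000] "GET /cgi-bin/animate.cgi?channel=1 HTTP/1.1" 200 15188',
    '203.0.113.7 - - [24/Dec/2025:10:00:04 +0000] "GET /cgi-bin/animate.cgi?channel=2 HTTP/1.1" 200 14920',
    '198.51.100.20 - operator [24/Dec/2025:10:01:00 +0000] "GET /cgi-bin/animate.cgi?channel=1 HTTP/1.1" 200 15101',
    '192.0.2.55 - - [24/Dec/2025:10:02:00 +0000] "GET /cgi-bin/animate.cgi?channel=1 HTTP/1.1" 401 0',
    'not a log line',
]

if __name__ == "__main__":
    for host, info in find_unauth_stream_pulls(SAMPLE_LOG).items():
        print(f"{host}: {info['hits']} unauthenticated pulls, channels {info['channels']}")
```

Because the affected script performs no authentication, any 200 response to it without a session is reportable; the threshold only separates a single probe from sequential snapshot retrieval.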