CVE-2019-25247
Unknown Unknown - Not Provided
CSRF Vulnerability in Beward N100 IP Camera Enables Admin Takeover

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-19
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-18
NVD
CVE-2019-25247
EUVD
EUVD-2025-205310
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
beward n100_h.264_vga_ip_camera m2.1.6.04c014
farady linux 2.6
boa boa 0.94.14rc21
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the BEWARD N100 H.264 VGA IP Camera version M2.1.6.04C014 is a Cross-Site Request Forgery (CSRF) flaw. It occurs because the camera's web application interface does not properly validate the authenticity of HTTP requests. This allows an attacker to craft a malicious web page with a hidden form that, when visited by a logged-in user, can submit unauthorized requests to the camera. Specifically, the attacker can add a new administrative user without proper authorization by exploiting this lack of request validation. [1, 2]

Impact Analysis

This vulnerability can allow an attacker to gain unauthorized administrative access to the affected IP camera by adding a new admin user remotely. If a logged-in user visits a malicious website, the attacker can exploit the CSRF flaw to perform administrative actions without the user's consent. This can lead to privilege escalation, unauthorized control over the device, and potential compromise of the camera's security and functionality. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring HTTP POST requests to the endpoint `/cgi-bin/admin/param` with parameters indicating an attempt to add an admin user, such as `action=add`, `group=General.UserID`, and `template=UserID`. You can use network traffic analysis tools like tcpdump or Wireshark to capture and inspect such requests. For example, a tcpdump command to filter HTTP POST requests to the camera's IP might be: `tcpdump -i <interface> host <camera_ip> and tcp port 80 and 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354'` (which filters for HTTP POST). Additionally, inspecting web server logs on the device (if accessible) for POST requests to `/cgi-bin/admin/param` with suspicious parameters can help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the camera's web interface to trusted networks only, disabling remote administration if possible, and ensuring users do not visit untrusted websites while logged into the camera's admin interface to prevent CSRF attacks. Applying any available firmware updates or patches from the vendor is recommended, although no vendor response was noted. Additionally, implementing network-level protections such as firewall rules to block unauthorized HTTP requests to the camera's admin endpoints can reduce risk. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25247. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart