CVE-2019-25248
Unknown Unknown - Not Provided
Unauthenticated RTSP Stream Access in Beward N100 Camera

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25248
EUVD
EUVD-2025-205322
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
beward n100 *
beward n100_h.264_vga_ip_camera m2.1.6.04c014
linux faraday_arm 2.6
boa boa 0.94.14rc21
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the BEWARD N100 H.264 VGA IP Camera version M2.1.6.04C014 allows remote attackers to access the live video stream without any authentication. This means that anyone can retrieve the camera's RTSP (Real Time Streaming Protocol) stream without needing credentials, due to a lack of authentication in the video access mechanism. [1, 2]

Impact Analysis

This vulnerability can expose sensitive live video feeds to unauthorized individuals, potentially compromising privacy and security. Attackers can view real-time surveillance footage without permission, which could lead to unauthorized monitoring or information gathering. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to access the RTSP stream without authentication. Specifically, you can try to access the URL path "/cgi-bin/view/image" on the target Beward N100 camera device. For example, using curl or wget commands to fetch the stream URL can help verify if the stream is accessible without credentials. Example command: curl http://<camera-ip>/cgi-bin/view/image If the live video stream is returned without requiring authentication, the device is vulnerable. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25248. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart