CVE-2019-25248
Unknown Unknown - Not Provided

Unauthenticated RTSP Stream Access in Beward N100 Camera

Vulnerability report for CVE-2019-25248, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description

Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-07-06
AI Q&A
2025-12-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
beward n100 *
beward n100_h.264_vga_ip_camera m2.1.6.04c014
linux faraday_arm 2.6
boa boa 0.94.14rc21

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in the BEWARD N100 H.264 VGA IP Camera version M2.1.6.04C014 allows remote attackers to access the live video stream without any authentication. This means that anyone can retrieve the camera's RTSP (Real Time Streaming Protocol) stream without needing credentials, due to a lack of authentication in the video access mechanism. [1, 2]

Impact Analysis

This vulnerability can expose sensitive live video feeds to unauthorized individuals, potentially compromising privacy and security. Attackers can view real-time surveillance footage without permission, which could lead to unauthorized monitoring or information gathering. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to access the RTSP stream without authentication. Specifically, you can try to access the URL path "/cgi-bin/view/image" on the target Beward N100 camera device. For example, using curl or wget commands to fetch the stream URL can help verify if the stream is accessible without credentials. Example command: curl http://<camera-ip>/cgi-bin/view/image If the live video stream is returned without requiring authentication, the device is vulnerable. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25248. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart