CVE-2019-25248
Unauthenticated RTSP Stream Access in Beward N100 Camera
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| beward | n100 | * |
| beward | n100_h.264_vga_ip_camera | m2.1.6.04c014 |
| linux | faraday_arm | 2.6 |
| boa | boa | 0.94.14rc21 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the BEWARD N100 H.264 VGA IP Camera version M2.1.6.04C014 allows remote attackers to access the live video stream without any authentication. This means that anyone can retrieve the camera's RTSP (Real Time Streaming Protocol) stream without needing credentials, due to a lack of authentication in the video access mechanism. [1, 2]
How can this vulnerability impact me? :
This vulnerability can expose sensitive live video feeds to unauthorized individuals, potentially compromising privacy and security. Attackers can view real-time surveillance footage without permission, which could lead to unauthorized monitoring or information gathering. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the RTSP stream without authentication. Specifically, you can try to access the URL path "/cgi-bin/view/image" on the target Beward N100 camera device. For example, using curl or wget commands to fetch the stream URL can help verify if the stream is accessible without credentials. Example command: curl http://<camera-ip>/cgi-bin/view/image If the live video stream is returned without requiring authentication, the device is vulnerable. [2]