CVE-2019-25252
Unknown Unknown - Not Provided
CSRF Vulnerability in Teradek VidiU Pro Allows Admin Password Change

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25252
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
teradek vidiu_pro 3.0.3
teradek vidiu_pro 3.0.2
teradek vidiu_pro 2.4.10
lighttpd lighttpd 1.4.48
lighttpd lighttpd 1.4.31
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in Teradek VidiU Pro version 3.0.3 and some earlier versions. It allows an attacker to change the device's administrative password without proper authorization by exploiting the device's web interface, which does not validate the legitimacy of HTTP requests. If a logged-in administrator visits a malicious website, that site can automatically submit a password change request to the device, effectively allowing the attacker to take control without the administrator's consent. [1, 2]

Impact Analysis

The vulnerability can lead to unauthorized administrative control over the Teradek VidiU Pro device. An attacker can change the administrator password without permission, potentially locking out legitimate users and gaining full control of the device. This can disrupt live video streaming operations and compromise the security and integrity of the device's management. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the device's web interface, specifically looking for unauthorized or suspicious POST requests to the password change endpoint `/cgi-bin/password.cgi`. You can use network traffic analysis tools like Wireshark or tcpdump to capture HTTP traffic and filter for requests to this endpoint. Additionally, checking web server logs for unexpected POST requests to `/cgi-bin/password.cgi` with parameters changing the admin password can help detect exploitation attempts. For example, using a command like `grep '/cgi-bin/password.cgi' /var/log/lighttpd/access.log` on the device or proxy logs may reveal such attempts. [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the device's web interface to trusted networks or IP addresses, implementing network-level controls such as firewalls to block unauthorized access, and educating users to avoid visiting untrusted or malicious websites while logged into the device. Since the vulnerability arises from lack of request validation, disabling or limiting the web interface if possible until a patch is available is recommended. Monitoring for suspicious activity and changing administrative passwords manually can also help reduce risk. Applying any available firmware updates or patches from the vendor should be done as soon as they are released. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart