CVE-2025-67158
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-02

Last updated on: 2026-01-08

Assigner: MITRE

Description
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-02
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67158
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
revotech i6032w-fhw 1.0.0014
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by monitoring and logging abnormal or repeated access attempts to the /cgi-bin/jvsweb.cgi endpoint. Specifically, you can look for HTTP requests targeting this endpoint that include JSON-formatted API requests with user.name and user.digest fields. Network monitoring tools or web server logs can be used to identify such requests. While specific commands are not provided, using tools like curl or wget to send crafted requests to /cgi-bin/jvsweb.cgi and observing responses may help detect the vulnerability. Additionally, inspecting logs for unauthorized administrative API method calls such as account_get_users can indicate exploitation attempts. [1]

Executive Summary

This vulnerability is an authentication bypass in the Revotech I6032W-FHW IP camera firmware at the /cgi-bin/jvsweb.cgi API endpoint. The endpoint accepts JSON API requests with authentication fields but fails to properly validate them server-side. As a result, attackers can send arbitrary authentication values and gain unauthorized administrative access, including retrieving user account information and escalating privileges, without needing valid credentials or user interaction. [1]

Impact Analysis

The vulnerability allows remote attackers to bypass authentication and access sensitive user and account information on the device. Attackers can escalate privileges and potentially use this access as a foothold for further compromise of the device. This leads to a high confidentiality impact, exposing sensitive data without affecting integrity or availability. [1]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the device management interface to prevent unauthorized remote access, monitoring and logging abnormal or repeated access attempts to the vulnerable /cgi-bin/jvsweb.cgi endpoint, and applying vendor-provided firmware updates when they become available. Additionally, enforcing strict server-side validation of all authentication fields in API requests and requiring verified sessions before granting access to administrative API methods are recommended, though these may require vendor action. [1]

Compliance Impact

The vulnerability allows unauthenticated attackers to access sensitive user and account information and escalate privileges, which could lead to unauthorized disclosure of personal data. This exposure of sensitive information may result in non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to protect personal and health information. Therefore, the authentication bypass increases the risk of violating these standards due to improper access control and potential data breaches. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart