CVE-2025-67159
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-02

Last updated on: 2026-01-08

Assigner: MITRE

Description
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-02
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67159
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vatilon vatilon 1.12.37-20240124
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67159 is a critical vulnerability in Vatilon-based IP camera firmware (notably JIENUO brand devices) where the /cgi-bin/web.cgi API endpoint accepts username and password parameters in plaintext via HTTP GET requests without enforcing server-side authentication or session validation. This allows unauthenticated remote attackers to bypass authentication controls, expose administrator credentials in plaintext, and access sensitive device information and administrative data. [2]

Impact Analysis

This vulnerability can allow remote attackers to bypass authentication and gain unauthorized access to the device's administrative interface and sensitive information. Attackers can see administrator credentials in plaintext, retrieve device configurations, and potentially fully compromise the device. Exploitation requires no user interaction and can be performed remotely, posing a significant security risk. [2]

Detection Guidance

This vulnerability can be detected by monitoring network traffic for HTTP GET requests to the /cgi-bin/web.cgi API endpoint that include username and password parameters in plaintext. You can use network packet capture tools like tcpdump or Wireshark to filter such requests. For example, a tcpdump command to detect these requests might be: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/cgi-bin/web.cgi?username=' or use Wireshark to filter HTTP requests containing '/cgi-bin/web.cgi' and inspect for plaintext credentials in URL parameters. Additionally, monitoring web server logs for unauthenticated access attempts to /cgi-bin/web.cgi with credential parameters can help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the device's web interface using network-level controls such as firewalls or VLAN segmentation to limit exposure. Monitor for abnormal web requests and access patterns targeting /cgi-bin/web.cgi. Apply any available firmware updates from the vendor that address this vulnerability as soon as they are released. Additionally, avoid using devices with the vulnerable firmware version until patched. Longer-term fixes involve enforcing server-side authentication and session validation for all API requests, eliminating plaintext credential transmission, and requiring valid authenticated sessions for web interface components. [2]

Compliance Impact

The vulnerability exposes user credentials in plaintext and allows unauthenticated remote attackers to access sensitive device information and administrative data. This exposure of sensitive information and lack of proper authentication controls could lead to non-compliance with common standards and regulations such as GDPR and HIPAA, which require protection of personal and sensitive data through secure authentication and encryption mechanisms. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67159. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart