CVE-2019-25240

EUVD-2025-205308
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Common Weakness Enumeration
References
http://www.rifatron.com
https://www.exploit-db.com/exploits/47368
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
https://www.exploit-db.com/exploits/47368
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php