CVE-2019-25436

EUVD-2019-19610
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sricamdeviceviewer
3.12.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.sricam.com/
https://www.exploit-db.com/exploits/47476
https://www.vulncheck.com/advisories/sricam-deviceviewer-password-change-security-bypass