2025-12-24 19:27 · CVE-2018-25130 · VulnCheck
PUBLISHED · CVE record data version 5.2 · CWE-256

Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.

Problem type

CWE-256: Plaintext Storage of a Password

Affected products

Beward R&D Co., Ltd

BEWARD Intercom

2.3.1.34471 - AFFECTED

2.3.0 - AFFECTED

2.2.11 - AFFECTED

2.2.10.5 - AFFECTED

2.2.9 - AFFECTED

2.2.8.9 - AFFECTED

2.2.7.4 - AFFECTED

References

GitHub Security Advisories

GHSA-hjwr-h73m-h7pf

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers...

https://github.com/advisories/GHSA-hjwr-h73m-h7pf

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2018-25130
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2018-25130",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2025-12-24T20:27:08.870Z",
    "dateReserved": "2025-12-24T14:28:02.432Z",
    "datePublished": "2025-12-24T19:27:43.752Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2025-12-24T19:27:43.752Z"
      },
      "datePublic": "2018-11-28T00:00:00.000Z",
      "title": "Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database",
      "descriptions": [
        {
          "lang": "en",
          "value": "Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations."
        }
      ],
      "affected": [
        {
          "vendor": "Beward R&D Co., Ltd",
          "product": "BEWARD Intercom",
          "versions": [
            {
              "version": "2.3.1.34471",
              "status": "affected"
            },
            {
              "version": "2.3.0",
              "status": "affected"
            },
            {
              "version": "2.2.11",
              "status": "affected"
            },
            {
              "version": "2.2.10.5",
              "status": "affected"
            },
            {
              "version": "2.2.9",
              "status": "affected"
            },
            {
              "version": "2.2.8.9",
              "status": "affected"
            },
            {
              "version": "2.2.7.4",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Plaintext Storage of a Password",
              "cweId": "CWE-256",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/46267",
          "name": "ExploitDB-46267",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.beward.net",
          "name": "Beward Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php",
          "name": "Zero Science Lab Disclosure (ZSL-2019-5505)",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
          "type": "finder"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-24T20:27:08.870Z"
        },
        "title": "CISA ADP Vulnrichment",
        "references": [
          {
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php",
            "tags": [
              "exploit"
            ]
          }
        ],
        "metrics": [
          {}
        ]
      }
    ]
  }
}