Beward N100 M2.1.6.04C014 contains a missing-authentication vulnerability (CWE-306) that allows remote attackers to access live video streams without credentials. Because the video access mechanism does not enforce authentication, the camera's RTSP stream can be retrieved directly; the impact is disclosure of the live video feed.
PUBLISHED | 5.2 | CWE-306
Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure
Problem type
Affected products
Beward
N100 H.264 VGA IP Camera
M2.1.6.04C014 - AFFECTED
References
ExploitDB-46317
https://www.exploit-db.com/exploits/46317
Beward Official Product Homepage
https://www.beward.net
Zero Science Lab Disclosure (ZSL-2019-5509)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5509.php
GitHub Security Advisories
GHSA-4h7f-qwj6-qpx3
Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers...
https://github.com/advisories/GHSA-4h7f-qwj6-qpx3
Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25248
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25248",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-12-24T20:22:33.063Z",
"dateReserved": "2025-12-24T14:27:12.477Z",
"datePublished": "2025-12-24T19:28:02.157Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-12-24T19:28:02.157Z"
},
"datePublic": "2019-01-26T00:00:00.000Z",
"title": "Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure",
"descriptions": [
{
"lang": "en",
"value": "Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism."
}
],
"affected": [
{
"vendor": "Beward",
"product": "N100 H.264 VGA IP Camera",
"versions": [
{
"version": "M2.1.6.04C014",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Missing Authentication for Critical Function",
"cweId": "CWE-306",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/46317",
"name": "ExploitDB-46317",
"tags": [
"exploit"
]
},
{
"url": "https://www.beward.net",
"name": "Beward Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5509.php",
"name": "Zero Science Lab Disclosure (ZSL-2019-5509)",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-24T20:22:33.063Z"
},
"title": "CISA ADP Vulnrichment",
"references": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5509.php",
"tags": [
"exploit"
]
}
],
"metrics": [
{}
]
}
]
}
}