CVE-2018-25130

MEDIUM

Beward Intercom 2.3.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25130. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit extracts plain-text credentials from an unencrypted binary file (BEWARD.INTERCOM.FDB) used by BEWARD Intercom software. It leverages a known path and regex patterns to disclose sensitive information.

Description

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · pythonlocalwindows
https://www.exploit-db.com/exploits/46267

This exploit extracts plain-text credentials from an unencrypted binary file (BEWARD.INTERCOM.FDB) used by BEWARD Intercom software. It leverages a known path and regex patterns to disclose sensitive information.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: BEWARD Intercom versions 2.3.1.34471 and below
No auth needed
Prerequisites: Local access to the system · Presence of the BEWARD.INTERCOM.FDB file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46267
Various Sources product
https://www.beward.net
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php

Scores

CVSS v3 6.2
EPSS 0.0013
EPSS Percentile 2.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-256
Status published
Products (7)
Beward R&D Co., Ltd/BEWARD Intercom 2.2.10.5
Beward R&D Co., Ltd/BEWARD Intercom 2.2.11
Beward R&D Co., Ltd/BEWARD Intercom 2.2.7.4
Beward R&D Co., Ltd/BEWARD Intercom 2.2.8.9
Beward R&D Co., Ltd/BEWARD Intercom 2.2.9
Beward R&D Co., Ltd/BEWARD Intercom 2.3.0
Beward R&D Co., Ltd/BEWARD Intercom 2.3.1.34471
Published Dec 24, 2025
Tracked Since Feb 18, 2026