CVE-2018-25310

MEDIUM

VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution

Title source: cna

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can leverage the CSRF vulnerability to inject and execute system commands through the Tools > System > Shell interface, gaining root-level access to the device.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/44387

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44387

https://www.exploit-db.com/exploits/44387

Vendor Advisory vendor-advisory

Vulnerability Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5455.php

Third Party Advisory third-party-advisory

VulnCheck Advisory: VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution

https://www.vulncheck.com/advisories/videoflow-digital-video-protection-dvp-10-authenticated-remote-code-execution

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (3)

VideoFlow Ltd./VideoFlow Digital Video Protection 1.40.0.15

VideoFlow Ltd./VideoFlow Digital Video Protection 2.10

VideoFlow Ltd./VideoFlow Digital Video Protection 2.10.0.5

Published Apr 29, 2026

Tracked Since Apr 30, 2026