CVE-2018-25310

MEDIUM

VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25310. PoCs published by LiquidWorm.

AI-analyzed exploit summary This is a technical writeup detailing an authenticated remote code execution vulnerability in VideoFlow Digital Video Protection DVP 10. It includes system details, default credentials, and a demonstration of root access via the device's shell interface.

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can leverage the CSRF vulnerability to inject and execute system commands through the Tools > System > Shell interface, gaining root-level access to the device.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/44387

View Code ZIP pw:eip

This is a technical writeup detailing an authenticated remote code execution vulnerability in VideoFlow Digital Video Protection DVP 10. It includes system details, default credentials, and a demonstration of root access via the device's shell interface.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VideoFlow Digital Video Protection DVP 10 (Version 2.10, X-Prototype-Version: 1.6.0.2)

Auth required

Prerequisites: Authenticated access to the device's web management interface · Default or hard-coded credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory

https://www.zeroscience.mk/#/advisories/ZSL-2018-5455

Exploit exploit

ExploitDB-44387

https://www.exploit-db.com/exploits/44387

Vendor Advisory vendor-advisory

Vulnerability Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5455.php

Third Party Advisory third-party-advisory

VulnCheck Advisory: VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution

https://www.vulncheck.com/advisories/videoflow-digital-video-protection-dvp-10-authenticated-remote-code-execution

Scores

CVSS v3 4.3

EPSS 0.0021

EPSS Percentile 11.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (3)

VideoFlow Ltd./VideoFlow Digital Video Protection 1.40.0.15

VideoFlow Ltd./VideoFlow Digital Video Protection 2.10

VideoFlow Ltd./VideoFlow Digital Video Protection 2.10.0.5

Published Apr 29, 2026

Tracked Since Apr 30, 2026