CVE-2019-25062

MEDIUM

Sricam IP CCTV Camera - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25062. PoCs published by Alessandro Magnosi.

AI-analyzed exploit summary: This exploit leverages a local buffer overflow in Sricam DeviceViewer 3.12.0.1 to achieve remote code execution (RCE) via a crafted username in the User Management section. It employs ROP (Return-Oriented Programming) to bypass DEP (Data Execution Prevention) and execute a command shell.

Description

A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC
by Alessandro Magnosi · python · local · windows
https://www.exploit-db.com/exploits/47477

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Sricam DeviceViewer v3.12.0.1
Auth required
Prerequisites: Access to the Sricam DeviceViewer application · Valid login credentials · Ability to write to the User Management section
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/47477
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.159431

Scores

CVSS v3 5.3
EPSS 0.0031
EPSS Percentile 22.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-121 CWE-787
Status published
Products (1)
sricam/deviceviewer 3.12.0.1
Published Jun 08, 2022
Tracked Since Feb 18, 2026