CVE-2019-25246

HIGH NUCLEI

Beward N100 H.264 VGA IP Camera M2.1.6 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25246. PoCs published by LiquidWorm. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an authenticated arbitrary file disclosure vulnerability in Beward N100 IP Camera firmware M2.1.6. The 'READ.filePath' parameter in the fileread script allows reading arbitrary files via absolute paths or the SendCGICMD API.

Description

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and /etc/issue by supplying absolute file paths.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/46320

View Code ZIP pw:eip

This exploit demonstrates an authenticated arbitrary file disclosure vulnerability in Beward N100 IP Camera firmware M2.1.6. The 'READ.filePath' parameter in the fileread script allows reading arbitrary files via absolute paths or the SendCGICMD API.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Beward N100 IP Camera M2.1.6.04C014

Auth required

Prerequisites: Authentication credentials (admin:admin) · Network access to the target device

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

HIGHby geeknik,liangtovi-debug

References (3)

Core 3

Core References

Various Sources product

https://www.beward.net

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46320

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5511.php

Scores

CVSS v3 8.8

EPSS 0.1500

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

Beward R&D Co., Ltd/N100 H.264 VGA IP Camera M2.1.6.04C014

Published Dec 24, 2025

Tracked Since Feb 18, 2026