CVE-2019-25248

HIGH

Beward N100 M2.1.6.04C014 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25248. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes an unauthenticated RTSP stream disclosure vulnerability in BEWARD N100 IP Camera M2.1.6, allowing unauthorized access to live video streams. The provided URL path suggests a direct endpoint for accessing the stream without authentication.

Description

Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · textwebappshardware
https://www.exploit-db.com/exploits/46317

The exploit describes an unauthenticated RTSP stream disclosure vulnerability in BEWARD N100 IP Camera M2.1.6, allowing unauthorized access to live video streams. The provided URL path suggests a direct endpoint for accessing the stream without authentication.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: BEWARD N100 IP Camera M2.1.6.04C014
No auth needed
Prerequisites: Network access to the target camera
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Various Sources product
https://www.beward.net
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5509.php
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46317

Scores

CVSS v3 7.5
EPSS 0.0042
EPSS Percentile 33.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-306
Status published
Products (1)
Beward/N100 H.264 VGA IP Camera M2.1.6.04C014
Published Dec 24, 2025
Tracked Since Feb 18, 2026