CVE-2022-25012

MEDIUM

Argus Surveillance DVR 4.0 - Inadequate Encryption Strength

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2022-25012. PoCs published by Salman Asad, s3l33, Pocland-db.

AI-analyzed exploit summary This exploit demonstrates weak password encryption in Argus Surveillance DVR 4.0 by reversing a hardcoded hash to its plaintext characters using a predefined mapping. It does not execute malicious actions but reveals the vulnerability in password storage.

Description

Argus Surveillance DVR v4.0 employs weak password encryption.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Salman Asad · pythonlocalwindows
https://www.exploit-db.com/exploits/50130

This exploit demonstrates weak password encryption in Argus Surveillance DVR 4.0 by reversing a hardcoded hash to its plaintext characters using a predefined mapping. It does not execute malicious actions but reveals the vulnerability in password storage.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Argus Surveillance DVR 4.0
No auth needed
Prerequisites: Access to the password hash from DVRParams.ini
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by s3l33 · poc
https://github.com/s3l33/CVE-2022-25012

This PoC decodes weakly encrypted passwords from Argus Surveillance DVR 4.0 by reversing a custom encoding scheme. It accepts a password hash as input and outputs the decoded password.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Argus Surveillance DVR 4.0
No auth needed
Prerequisites: Access to the password hash from DVRParams.ini
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC 3 stars
by Pocland-db · cpoc
https://github.com/Pocland-db/cve-pocs/tree/main/2022/CVE-2022-25012

This repository contains a functional proof-of-concept tool that decodes weakly encrypted passwords in Argus Surveillance DVR v4.0 by reversing a static mapping table. The tool takes a hashed password as input and outputs the plaintext equivalent.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Argus Surveillance DVR v4.0
No auth needed
Prerequisites: access to a hashed password from the target system
devstral-2 · analyzed Apr 29, 2026 Full analysis →
nomisec WORKING POC 2 stars
by XK3NF4 · poc
https://github.com/XK3NF4/CVE-2022-25012

This PoC demonstrates weak password encryption in Argus Surveillance DVR v4.0 by decoding hashed passwords using a predefined mapping table. It takes a hash string as input and outputs the corresponding plaintext password.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Argus Surveillance DVR v4.0
No auth needed
Prerequisites: Access to a hashed password from the target system
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by G4sp4rCS · poc
https://github.com/G4sp4rCS/CVE-2022-25012-POC

This PoC demonstrates weak password encryption in Argus Surveillance DVR 4.0 by decoding a hardcoded password hash using a predefined character mapping. It reveals the plaintext password from the encoded hash.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Argus Surveillance DVR 4.0
No auth needed
Prerequisites: Access to the password hash
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://leobreaker1411.github.io/blog/dvr4-hash-crack
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50130

Scores

CVSS v3 5.5
EPSS 0.0044
EPSS Percentile 63.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-326
Status published
Products (1)
argussurveillance/dvr 4.0.0.0
Published Mar 01, 2022
Tracked Since Feb 18, 2026