CVE-2025-10264
CRITICALDigiever Multiple Models < *.*.*.78 - Unauthenticated Sensitive Information Exposure
Title source: llmDescription
Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html
Various Sources third-party-advisory
https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html
Scores
CVSS v3
10.0
EPSS
0.0045
EPSS Percentile
35.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-497
Status
published
Products (18)
Digiever/DS-1200
< *.*.*.78
Digiever/DS-16x00-RM Pro+
< x.x.x.78
Digiever/DS-16x00-RM UHD
< x.x.x.78
Digiever/DS-2100 Pro
< *.*.*.78
Digiever/DS-2100 Pro+
< *.*.*.78
Digiever/DS-2100 UHD
< *.*.*.78
Digiever/DS-2200 UHD
< *.*.*.78
Digiever/DS-2200 UHD+
< *.*.*.78
Digiever/DS-4100-RM
< x.x.x.78
Digiever/DS-4200 Pro
< *.*.*.78
... and 8 more
Published
Sep 12, 2025
Tracked Since
Feb 18, 2026