CVE-2025-1738

MEDIUM

Trivision Camera NC227WF <5.8.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-1738. PoCs published by n0n4m3x41.

AI-analyzed exploit summary: The repository provides a functional exploit for CVE-2025-1738, demonstrating how to retrieve the admin password in plaintext from a Trivision NC227WF camera via a crafted HTTP request. The PoC includes a curl command that exploits the cleartext password exposure vulnerability.

Description

A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party.

Exploits (1)

nomisec WORKING POC
by n0n4m3x41 · poc
https://github.com/n0n4m3x41/CVE-2025-1738

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Trivision NC227WF Camera (Firmware 5.80 build 20141010)
No auth needed
Prerequisites: local network access to the camera · knowledge of the camera's IP address and port
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3 6.2
EPSS 0.0016
EPSS Percentile 5.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-598
Status published
Products (1)
Trivision/Camera NC227WF 5.8.0
Published Feb 27, 2025
Tracked Since Feb 18, 2026