CVE-2025-3403

LOW

Vivotek NVR <4.2.0.101 - Info Disclosure

Title source: llm

Description

A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Various Sources exploit

https://github.com/lfparizzi/CVE-VIVOTEK-ID/blob/main/README.md

View Writeup ZIP pw:eip

Permissions Required, VDB Entry vdb-entry

https://vuldb.com/?id.303648

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.303648

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.543589

Scores

CVSS v3 2.7

EPSS 0.0031

EPSS Percentile 22.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-540

Status published

Products (9)

Vivotek/NVR ND8422P 2.4.0.204

Vivotek/NVR ND8422P 3.3.0.104

Vivotek/NVR ND8422P 4.2.0.101

Vivotek/NVR ND9525P 2.4.0.204

Vivotek/NVR ND9525P 3.3.0.104

Vivotek/NVR ND9525P 4.2.0.101

Vivotek/NVR ND9541P 2.4.0.204

Vivotek/NVR ND9541P 3.3.0.104

Vivotek/NVR ND9541P 4.2.0.101

Published Apr 08, 2025

Tracked Since Feb 18, 2026