CVE-2025-34042
CRITICAL EXPLOITEDBeward N100 IP Camera M2.1.6.04C014 - Command Injection
Title source: llmExploitation Summary
CVE-2025-34042 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which are unsafely embedded into backend system calls without proper input sanitization. Successful exploitation results in remote code execution with root privileges. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-02 UTC.
References (7)
Core 7
Core References
Various Sources product
https://www.beward.net
Vendor Advisory third-party-advisory
https://www.fortiguard.com/encyclopedia/ips/48618
Various Sources third-party-advisory
technical-description
https://s4e.io/tools/beward-n100-h264-vga-ip-camera-arbitrary-file-disclosure
Various Sources exploit
https://packetstorm.news/files/id/151531
Third Party Advisory third-party-advisory
https://vulncheck.com/advisories/beward-n100-remote-command-execution
Issue Tracking exploit
https://cxsecurity.com/issue/WLB-2019020042
Third Party Advisory third-party-advisory
exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5512.php
Scores
CVSS v4
9.4
EPSS
0.0176
EPSS Percentile
75.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2025-06-26
CWE
CWE-78
Status
published
Products (1)
Beward/N100 IP Camera
M2.1.6.04C014
Published
Jun 26, 2025
Tracked Since
Feb 18, 2026