Cross-Site Request Forgery in Beward N100 H.264 VGA IP Camera
CVE-2019-25247

5.1MEDIUM

Key Information:

Vendor

Beward R&d Co., Ltd

Status
N100 H.264 Vga Ip Camera
Vendor
CVE Published:
24 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2019-25247?

The Beward N100 H.264 VGA IP Camera M2.1.6 is susceptible to a cross-site request forgery vulnerability, enabling attackers to execute unauthorized administrative tasks. By creating a deceptive web page containing a malicious form, an attacker can trick a logged-in user into unwittingly submitting this form, thus allowing the attacker to add an admin user without proper request validation. This flaw poses significant security risks, compromising the integrity of the device and its management system.

Affected Version(s)

N100 H.264 VGA IP Camera M2.1.6.04C014

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-25247 - Proof of Concept

References

https://www.exploit-db.com/exploits/46318
exploit
https://www.beward.net
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-55...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiquidWorm as Gjoko Krstic of Zero Science Lab
JSON
.
CVE-2019-25247 : Cross-Site Request Forgery in Beward N100 H.264 VGA IP Camera