Sensitive Information Exposure in Digiever NVR Systems
CVE-2025-10264
What is CVE-2025-10264?
CVE-2025-10264 is a vulnerability identified in certain models of Digiever's Network Video Recorder (NVR) systems. These systems are utilized for surveillance and security management, capturing and managing video feeds from connected cameras. The vulnerability involves the exposure of sensitive information, specifically allowing unauthenticated remote attackers to access configuration files of the affected NVR systems. This can lead to the retrieval of plaintext credentials, compromising the security of both the NVR and any connected surveillance cameras. Such a breach could severely undermine the integrity of security operations relying on these systems.
Potential impact of CVE-2025-10264
-
Unauthorized Access: The vulnerability allows attackers to gain unauthorized access to system configurations, enabling them to acquire sensitive credentials. This can lead to full control over NVR systems and connected devices, opening avenues for malicious activities.
-
Data Breach Risks: With plaintext credentials exposed, there is a heightened risk of data breaches. Attackers could not only access live camera feeds but may also manipulate stored footage or delete critical video data, impacting the overall security framework.
-
Compromise of Surveillance Integrity: Exploitation of this vulnerability threatens the reliability of security measures. Attackers could leverage access to disrupt surveillance operations, potentially leading to undetected intrusions or criminal activities within secured environments.
Affected Version(s)
DS-1200 0
DS-16x00-RM Pro+ 0
DS-16x00-RM UHD 0