Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure

Advisories

severity: high
date: December 24, 2025
Affecting: N100 H.264 VGA IP Camera M2.1.6.04C014
CVE: CVE-2019-25248
CWE: CWE-306 Missing Authentication for Critical Function
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-46317
Beward Official Product Homepage
Zero Science Lab Disclosure (ZSL-2019-5509)
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.