Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass

Advisories

Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass

severity: medium
date: 2/20/2026
Affecting: DeviceViewer <= 3.12.0.1
CVE: CVE-2019-25436
CWE: CWE-303 Incorrect Implementation of Authentication Algorithm
CVSS: 5.1
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-47476
Vendor Homepage
Credit: Alessandro Magnosi
Description: Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo