CVE-2019-25247 MEDIUM

CVE-2019-25247: Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability

Vendor Beward R&D Co., Ltd
Product N100 H.264 VGA IP Camera
Weakness CWE-352 · CSRF
Published December 24, 2025
Last update December 24, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-32446 WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script) CVE-2022-1847 Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF CVE-2026-32343 WordPress Easy Table of Contents plugin <= 2.0.80 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-4301 CSRF vulnerability in Fortify Plugin allow capturing credentials