CVE-2019-25248 HIGH

CVE-2019-25248: Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure

Vendor Beward
Product N100 H.264 VGA IP Camera
Weakness CWE-306 · Missing auth
Published December 24, 2025
Last update December 24, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated