Search
Find a vulnerability
Search criteria
2 vulnerabilities found for BEWARD Intercom by Beward R&D Co., Ltd
CVE-2018-25130 (GCVE-0-2018-25130)
Vulnerability from nvd – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:27
VLAI
EPSS
VEX
Title
Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database
Summary
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46267 | exploit |
| https://www.beward.net | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Beward R&D Co., Ltd | BEWARD Intercom |
Affected:
2.3.1.34471
Affected: 2.3.0 Affected: 2.2.11 Affected: 2.2.10.5 Affected: 2.2.9 Affected: 2.2.8.9 Affected: 2.2.7.4 |
Date Public
2018-11-28 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25130",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:14:16.477629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:27:08.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BEWARD Intercom",
"vendor": "Beward R\u0026D Co., Ltd",
"versions": [
{
"status": "affected",
"version": "2.3.1.34471"
},
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.2.11"
},
{
"status": "affected",
"version": "2.2.10.5"
},
{
"status": "affected",
"version": "2.2.9"
},
{
"status": "affected",
"version": "2.2.8.9"
},
{
"status": "affected",
"version": "2.2.7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:43.752Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46267",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46267"
},
{
"name": "Beward Product Homepage",
"tags": [
"product"
],
"url": "https://www.beward.net"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2019-5505)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php"
}
],
"title": "Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25130",
"datePublished": "2025-12-24T19:27:43.752Z",
"dateReserved": "2025-12-24T14:28:02.432Z",
"dateUpdated": "2025-12-24T20:27:08.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25130 (GCVE-0-2018-25130)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:27
VLAI
EPSS
VEX
Title
Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database
Summary
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46267 | exploit |
| https://www.beward.net | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Beward R&D Co., Ltd | BEWARD Intercom |
Affected:
2.3.1.34471
Affected: 2.3.0 Affected: 2.2.11 Affected: 2.2.10.5 Affected: 2.2.9 Affected: 2.2.8.9 Affected: 2.2.7.4 |
Date Public
2018-11-28 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25130",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:14:16.477629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:27:08.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BEWARD Intercom",
"vendor": "Beward R\u0026D Co., Ltd",
"versions": [
{
"status": "affected",
"version": "2.3.1.34471"
},
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.2.11"
},
{
"status": "affected",
"version": "2.2.10.5"
},
{
"status": "affected",
"version": "2.2.9"
},
{
"status": "affected",
"version": "2.2.8.9"
},
{
"status": "affected",
"version": "2.2.7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:43.752Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46267",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46267"
},
{
"name": "Beward Product Homepage",
"tags": [
"product"
],
"url": "https://www.beward.net"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2019-5505)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5505.php"
}
],
"title": "Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25130",
"datePublished": "2025-12-24T19:27:43.752Z",
"dateReserved": "2025-12-24T14:28:02.432Z",
"dateUpdated": "2025-12-24T20:27:08.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}