{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10264", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2025-09-11T11:42:41.676Z", "datePublished": "2025-09-12T10:06:12.163Z", "dateUpdated": "2025-09-12T15:52:40.298Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DS-1200", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "*.*.*.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-2100 Pro", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "*.*.*.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-2100 Pro+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "*.*.*.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-2100 UHD", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "*.*.*.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-2200 UHD", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "*.*.*.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-2200 UHD+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "*.*.*.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-4200 Pro", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "*.*.*.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-4200 Pro+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-4200 UHD", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-4200 UHD+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-4100-RM", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-4200-RM Pro+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-4200-RM UHD", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-8x00-RM Pro+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-8x00-SRM Pro+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-8x00-RM UHD", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-16x00-RM Pro+", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "DS-16x00-RM UHD", "vendor": "Digiever", "versions": [{"lessThanOrEqual": "x.x.x.78", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-09-12T09:53:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras."}], "value": "Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2025-09-12T10:06:12.163Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update firmware version to x.x.x.79 and later"}], "value": "Update firmware version to x.x.x.79 and later"}], "source": {"advisory": "TVN-202509001", "discovery": "EXTERNAL"}, "title": "Digiever\uff5cNVR - Exposure of Sensitive Information", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-12T15:49:49.277357Z", "id": "CVE-2025-10264", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T15:52:40.298Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-12T15:49:49.277357Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T15:51:11.340Z"}}], "cna": {"title": "Digiever\uff5cNVR - Exposure of Sensitive Information", "source": {"advisory": "TVN-202509001", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Digiever", "product": "DS-1200", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*.*.*.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-2100 Pro", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*.*.*.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-2100 Pro+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*.*.*.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-2100 UHD", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*.*.*.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-2200 UHD", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*.*.*.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-2200 UHD+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*.*.*.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-4200 Pro", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*.*.*.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-4200 Pro+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-4200 UHD", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-4200 UHD+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-4100-RM", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-4200-RM Pro+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-4200-RM UHD", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-8x00-RM Pro+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-8x00-SRM Pro+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-8x00-RM UHD", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-16x00-RM Pro+", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}, {"vendor": "Digiever", "product": "DS-16x00-RM UHD", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "x.x.x.78"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update firmware version to x.x.x.79 and later", "supportingMedia": [{"type": "text/html", "value": "Update firmware version to x.x.x.79 and later", "base64": false}]}], "datePublic": "2025-09-12T09:53:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.", "supportingMedia": [{"type": "text/html", "value": "Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2025-09-12T10:06:12.163Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10264", "state": "PUBLISHED", "dateUpdated": "2025-09-12T15:52:40.298Z", "dateReserved": "2025-09-11T11:42:41.676Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2025-09-12T10:06:12.163Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras."}], "id": "CVE-2025-10264", "lastModified": "2025-09-12T10:15:31.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2025-09-12T10:15:31.640", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}