{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-34058", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.549Z", "datePublished": "2025-07-01T14:48:40.033Z", "dateUpdated": "2025-07-01T18:38:53.665Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["/login.php endpoint", "/systemLog/downFile.php endpoint", "fileName parameter"], "product": "Streaming Media Management Server", "vendor": "Hangzhou Hikvision System Technology", "versions": [{"status": "affected", "version": "2.3.5"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files."}], "value": "Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files."}], "impacts": [{"capecId": "CAPEC-16", "descriptions": [{"lang": "en", "value": "CAPEC-16 Dictionary-based Password Attack"}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-07-01T14:48:40.033Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-14544"}, {"tags": ["exploit"], "url": "https://blog.csdn.net/qq_40684306/article/details/115278837"}, {"tags": ["product"], "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_known-exploited-vulnerability"], "title": "Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T18:38:34.613255Z", "id": "CVE-2025-34058", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:38:53.665Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34058", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-01T18:38:34.613255Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:38:48.655Z"}}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-16", "descriptions": [{"lang": "en", "value": "CAPEC-16 Dictionary-based Password Attack"}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hangzhou Hikvision System Technology", "modules": ["/login.php endpoint", "/systemLog/downFile.php endpoint", "fileName parameter"], "product": "Streaming Media Management Server", "versions": [{"status": "affected", "version": "2.3.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-14544", "tags": ["third-party-advisory"]}, {"url": "https://blog.csdn.net/qq_40684306/article/details/115278837", "tags": ["exploit"]}, {"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/", "tags": ["product"]}, {"url": "https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.", "supportingMedia": [{"type": "text/html", "value": "Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-07-01T14:48:40.033Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34058", "state": "PUBLISHED", "dateUpdated": "2025-07-01T18:38:53.665Z", "dateReserved": "2025-04-15T19:15:22.549Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-07-01T14:48:40.033Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files."}, {"lang": "es", "value": "Hikvision Streaming Media Management Server v2.3.5 utiliza credenciales predeterminadas que permiten a atacantes remotos autenticarse y acceder a funciones restringidas. Tras autenticarse con estas credenciales, un atacante puede explotar una vulnerabilidad de lectura de archivos arbitrarios en el endpoint /systemLog/downFile.php mediante un salto de directorio en el par\u00e1metro fileName. Esta cadena de exploits puede permitir el acceso no autorizado a archivos confidenciales del sistema."}], "id": "CVE-2025-34058", "lastModified": "2025-07-03T15:14:12.767", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-07-01T15:15:24.340", "references": [{"source": "disclosure@vulncheck.com", "url": "https://blog.csdn.net/qq_40684306/article/details/115278837"}, {"source": "disclosure@vulncheck.com", "url": "https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read"}, {"source": "disclosure@vulncheck.com", "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-14544"}, {"source": "disclosure@vulncheck.com", "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-521"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}