CVE-2025-41418 - Vulnerability Details - OpenCVE

Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU93396297/
https://www.tbeye.com/topics/ahd/

History

Mon, 30 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Jun 2025 05:45:00 +0000

Type	Values Removed	Values Added
Description		Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.
Weaknesses		CWE-120
References		https://jvn.jp/en/vu/JVNVU93396297/ https://www.tbeye.com/topics/ahd/
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2025-06-27T05:24:04.762Z

Updated: 2025-06-30T18:40:24.266Z

Reserved: 2025-06-24T23:58:21.302Z

Link: CVE-2025-41418

Vulnrichment

Updated: 2025-06-30T18:40:19.984Z

NVD

Status : Awaiting Analysis

Published: 2025-06-27T06:15:26.180

Modified: 2025-06-30T18:38:48.477

Link: CVE-2025-41418

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41418", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-06-24T23:58:21.302Z", "datePublished": "2025-06-27T05:24:04.762Z", "dateUpdated": "2025-06-30T18:40:24.266Z"}, "containers": {"cna": {"affected": [{"vendor": "TB-eye Ltd.", "product": "XRN-410SN/TE", "versions": [{"version": "firmware versions Ver2.47b_220119153805 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-810SN/TE", "versions": [{"version": "firmware versions Ver2.47b_220119153805 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-1610SN/TE", "versions": [{"version": "firmware versions Ver2.47b_210516234524 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "PRN-4011N/TE", "versions": [{"version": "firmware versions Ver2.51p_231208081715 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-421FN/TE", "versions": [{"version": "firmware versions Ver3.05.62 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-821/TE", "versions": [{"version": "firmware versions Ver3.05.62 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-1621/TE", "versions": [{"version": "firmware versions Ver3.05.62 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-435FN/TE", "versions": [{"version": "firmware versions Ver5.31.72 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-835/TE", "versions": [{"version": "firmware versions Ver5.31.72 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-1635/TE", "versions": [{"version": "firmware versions Ver5.31.72 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-425SFN/TE", "versions": [{"version": "firmware versions Ver5.31.32 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-426S", "versions": [{"version": "firmware versions Ver5.33.12 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-820S/TE", "versions": [{"version": "firmware versions Ver5.34.12 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-1620S/TE", "versions": [{"version": "firmware versions Ver5.34.12 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-3210R/TE", "versions": [{"version": "firmware versions Ver5.34.12 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-6410R/TE", "versions": [{"version": "firmware versions Ver5.34.12 and earlier", "status": "affected"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-6410DR/TE", "versions": [{"version": "firmware versions Ver5.34.12 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request."}], "problemTypes": [{"descriptions": [{"description": "Buffer overflow", "lang": "en-US", "cweId": "CWE-120", "type": "CWE"}]}], "references": [{"url": "https://www.tbeye.com/topics/ahd/"}, {"url": "https://jvn.jp/en/vu/JVNVU93396297/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-06-27T05:24:04.762Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-30T18:40:14.206661Z", "id": "CVE-2025-41418", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T18:40:24.266Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41418", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-30T18:40:14.206661Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T18:40:19.984Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "TB-eye Ltd.", "product": "XRN-410SN/TE", "versions": [{"status": "affected", "version": "firmware versions Ver2.47b_220119153805 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-810SN/TE", "versions": [{"status": "affected", "version": "firmware versions Ver2.47b_220119153805 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-1610SN/TE", "versions": [{"status": "affected", "version": "firmware versions Ver2.47b_210516234524 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "PRN-4011N/TE", "versions": [{"status": "affected", "version": "firmware versions Ver2.51p_231208081715 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-421FN/TE", "versions": [{"status": "affected", "version": "firmware versions Ver3.05.62 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-821/TE", "versions": [{"status": "affected", "version": "firmware versions Ver3.05.62 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-1621/TE", "versions": [{"status": "affected", "version": "firmware versions Ver3.05.62 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-435FN/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.31.72 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-835/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.31.72 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "HRX-1635/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.31.72 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-425SFN/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.31.32 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-426S", "versions": [{"status": "affected", "version": "firmware versions Ver5.33.12 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-820S/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.34.12 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-1620S/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.34.12 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-3210R/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.34.12 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-6410R/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.34.12 and earlier"}]}, {"vendor": "TB-eye Ltd.", "product": "XRN-6410DR/TE", "versions": [{"status": "affected", "version": "firmware versions Ver5.34.12 and earlier"}]}], "references": [{"url": "https://www.tbeye.com/topics/ahd/"}, {"url": "https://jvn.jp/en/vu/JVNVU93396297/"}], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-120", "description": "Buffer overflow"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-06-27T05:24:04.762Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41418", "state": "PUBLISHED", "dateUpdated": "2025-06-30T18:40:24.266Z", "dateReserved": "2025-06-24T23:58:21.302Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-06-27T05:24:04.762Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en varias versiones de TB-eye network recorders y AHD recorders. El proceso CGI podr\u00eda finalizar de forma an\u00f3mala al procesar una solicitud especialmente manipulada."}], "id": "CVE-2025-41418", "lastModified": "2025-06-30T18:38:48.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2025-06-27T06:15:26.180", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU93396297/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.tbeye.com/topics/ahd/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}