216.73.216.133

CVE-2019-25436

· Published 20/02/2026 23:16 · Modified 20/02/2026 23:16

Labels: CVE-2019-25436 2026-02-20CVE-2019-25436CWE-303[email protected]

Essential information

Published
20/02/2026 23:16
Modified
20/02/2026 23:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sricam / deviceviewer cpe:2.3:a:sricam:deviceviewer:3.12.0.1:*:*:*:*:*:*:*

References