CVE-2018-25310— VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25310
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can leverage the CSRF vulnerability to inject and execute system commands through the Tools > System > Shell interface, gaining root-level access to the device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
VideoFlow Digital Video Protection DVP 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VideoFlow Digital Video Protection DVP是美国VideoFlow公司的一个提供视频内容加密与数字版权保护功能的视频安全系统。 VideoFlow Digital Video Protection DVP 2.10版本存在跨站请求伪造漏洞,该漏洞源于经过身份验证的远程代码执行,可能导致经过身份验证的攻击者通过利用Web管理界面中的跨站请求伪造漏洞执行任意系统命令,具有有效凭据的攻击者可利用CSRF漏洞通过工具菜单系统Shell界面注入并执行系统命令,获取设备的root级访
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| VideoFlow Ltd. | VideoFlow Digital Video Protection | 2.10 | - |
II. Public POCs for CVE-2018-25310
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-25310
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2018-25310
No comments yet