CVE-2025-25985

LOW EPSS 17.3%

Published Apr 18, 20251y ago · Modified Jun 17, 20261w ago

2.6 CVSS 3.1

Low

Published Apr 18, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.

CVSS Details

Base Score

2.6

Exploitability

0.9

Impact

1.4

Vector string

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Vector Physical

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Changed

Confidentiality Low

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

17.3% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-256

Affected Products 2

Vendor	Product	Version	Range
macro-video	v380e6_c1_firmware	1020302	any
macro-video	v380e6_c1	*	any

References 2

github.com https://github.com/vladko312/Research_v380_IP_camera

ExploitThird Party Advisory
github.com https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25985.md

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.