Details of VAR-202103-1808

ID

VAR-202103-1808

CVE

CVE-2025-34058

TITLE

A weak password vulnerability exists in the streaming media management server of Hangzhou Hikvision System Technology Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2021-14544

DESCRIPTION

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files. Hikvision is a video-centric intelligent IoT solution and big data service provider. The streaming media management server of Hangzhou Hikvision System Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information

Trust: 1.44

sources: NVD: CVE-2025-34058 // CNVD: CNVD-2021-14544

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-14544

AFFECTED PRODUCTS

vendor:

hikvision digital

model:

streaming media management server

scope:

version:

v2.3.5

Trust: 0.6

sources: CNVD: CNVD-2021-14544

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2025-34058
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-14544
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-14544
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-14544 // NVD: CVE-2025-34058

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	CWE-521	Trust: 1.0

sources: NVD: CVE-2025-34058

EXTERNAL IDS

db:	CNVD	id:	CNVD-2021-14544	Trust: 1.6
db:	NVD	id:	CVE-2025-34058	Trust: 1.0

sources: CNVD: CNVD-2021-14544 // NVD: CVE-2025-34058

REFERENCES

url:	https://www.cnvd.org.cn/flaw/show/cnvd-2021-14544	Trust: 1.0
url:	https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read	Trust: 1.0
url:	https://blog.csdn.net/qq_40684306/article/details/115278837	Trust: 1.0
url:	https://www.hikvision.com/en/support/cybersecurity/security-advisory/	Trust: 1.0

sources: NVD: CVE-2025-34058

SOURCES

db:	CNVD	id:	CNVD-2021-14544
db:	NVD	id:	CVE-2025-34058

LAST UPDATE DATE

2025-07-04T23:47:53.171000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-14544	date:	2021-03-05T00:00:00
db:	NVD	id:	CVE-2025-34058	date:	2025-07-03T15:14:12.767

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-14544	date:	2021-03-25T00:00:00
db:	NVD	id:	CVE-2025-34058	date:	2025-07-01T15:15:24.340