CVE-2025-34042

Public Exploit

Beward N100 IP Camera Remote Command Execution

Description

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which are unsafely embedded into backend system calls without proper input sanitization. Successful exploitation results in remote code execution with root privileges.

References

Link	Tags
https://www.beward.net	product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5512.php	third party advisory exploit
https://www.fortiguard.com/encyclopedia/ips/48618	third party advisory
https://s4e.io/tools/beward-n100-h264-vga-ip-camera-arbitrary-file-disclosure	technical description third party advisory
https://packetstorm.news/files/id/151531	exploit
https://cxsecurity.com/issue/WLB-2019020042	exploit
https://vulncheck.com/advisories/beward-n100-remote-command-execution	third party advisory

Frequently Asked Questions

What is the severity of CVE-2025-34042?: CVE-2025-34042 has been scored as a critical severity vulnerability.
How to fix CVE-2025-34042?: To fix CVE-2025-34042, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-34042 being actively exploited in the wild?: It is possible that CVE-2025-34042 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-34042?: CVE-2025-34042 affects Beward N100 IP Camera.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions