CVE-2019-25435

Severity: CVSS 7.8 HIGH

📋 TL;DR

CVE-2019-25435 is a local, stack-based buffer overflow in Sricam DeviceViewer 3.12.0.1. An attacker with access to the application's user-management function can enter an overlong value in the Username field of the "Add User" dialog; the value is copied into a fixed-size stack buffer, overruns it, and lets the attacker redirect execution. The public proof of concept bypasses Data Execution Prevention (DEP) with a ROP chain and then runs arbitrary code in the context of the account running DeviceViewer. Organizations that use DeviceViewer to manage Sricam surveillance cameras are affected.
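The following C model is an added illustration and is not DeviceViewer's code (the product is closed source and its real buffer sizes and frame layout are not known). It shows the bug class described above, an unbounded copy of a dialog field into a fixed-size stack buffer, next to a hardened handler that bounds the copy. USERNAME_MAX, the record layout, the 200-byte filler and the "BBBB" marker are all assumptions; the marker stands where a PoC would place an address and is not a gadget.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model only: the field size and record layout are assumed,
 * not taken from DeviceViewer. */
#define USERNAME_MAX 32

struct user_record {
    char username[USERNAME_MAX];
    char password[USERNAME_MAX];
    int  role;
};

/* Length of s capped at max (a local bounded strlen, so the block does not
 * depend on strnlen being declared by the C library in use). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* VULNERABLE pattern: the dialog's Username field is copied into a
 * fixed-size stack buffer with no length check. An overlong value runs past
 * rec.username into the rest of the frame and overwrites the saved return
 * address or SEH record, which is how a PoC takes control of execution.
 * Only ever call this with short, trusted input. */
int add_user_vulnerable(const char *username, const char *password)
{
    struct user_record rec;
    strcpy(rec.username, username);   /* unbounded copy: the bug */
    strcpy(rec.password, password);
    rec.role = 1;
    return (int)strlen(rec.username);
}

/* HARDENED handler: reject anything that does not fit (terminator included)
 * before copying, copy with an explicit bound, and terminate explicitly.
 * Returns 0 on success, -1 if the input is rejected. */
int add_user_fixed(const char *username, const char *password,
                   struct user_record *out)
{
    if (username == NULL || password == NULL || out == NULL)
        return -1;
    size_t ulen = bounded_len(username, USERNAME_MAX);
    size_t plen = bounded_len(password, USERNAME_MAX);
    /* Reaching the cap means no terminator inside the field: too long. */
    if (ulen >= USERNAME_MAX || plen >= USERNAME_MAX)
        return -1;
    memcpy(out->username, username, ulen + 1);
    memcpy(out->password, password, plen + 1);
    out->role = 1;
    return 0;
}

/* Constructed overlong username in the shape a PoC submits: filler bytes up
 * to an assumed crash offset, then a 4-byte marker where an address would
 * go. "BBBB" is a placeholder, not a gadget. Returns the length written, or
 * 0 if buf is too small. */
size_t build_overlong_username(char *buf, size_t buflen, size_t filler)
{
    if (filler + 4 + 1 > buflen)
        return 0;
    memset(buf, 'A', filler);
    memcpy(buf + filler, "BBBB", 4);
    buf[filler + 4] = '\0';
    return filler + 4;
}

/* 1 if the hardened handler accepts a normal username and rejects the
 * constructed overlong one, 0 otherwise. */
int hardened_handler_behaves(void)
{
    struct user_record rec;
    char big[512];
    if (build_overlong_username(big, sizeof big, 200) != 204)
        return 0;
    if (add_user_fixed("operator", "s3cret", &rec) != 0)
        return 0;
    if (strcmp(rec.username, "operator") != 0)
        return 0;
    if (add_user_fixed(big, "s3cret", &rec) != -1)
        return 0;
    return 1;
}

int main(void)
{
    /* The vulnerable handler is exercised only with a short username;
     * feeding it the 204-byte value would corrupt this stack frame. */
    printf("vulnerable handler, short input: %d chars stored\n",
           add_user_vulnerable("operator", "s3cret"));
    printf("hardened handler: %s\n",
           hardened_handler_behaves() ? "accepts normal, rejects overlong"
                                      : "unexpected behaviour");
    return 0;
}
```

The bounded copy is the actual fix; stack cookies (/GS), DEP (/NXCOMPAT) and ASLR (/DYNAMICBASE) in a Windows build are defence in depth around it. A ROP chain with hard-coded gadget addresses, as used to bypass DEP here, only works while some module in the process is loaded at a fixed address, which is why forcing image randomization on the host is a useful stopgap when no patch exists.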

💻 Affected Systems

Products:
  • Sricam DeviceViewer
Versions: 3.12.0.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The bug is local. The attacker needs a session on the Windows host running DeviceViewer, access to the application, and the ability to open its user-management interface; the overflow is triggered specifically through the Add User dialog.

📦 What is this software?

Sricam DeviceViewer is a Windows desktop client used to manage Sricam surveillance cameras: viewing camera feeds, changing device configuration, and administering the application's own user accounts.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the surveillance system, potentially accessing camera feeds, modifying configurations, and using the system as a foothold for lateral movement within the network.

🟠 Likely Case

An attacker who already has access to the DeviceViewer application triggers the overflow and executes arbitrary code as the account running DeviceViewer, then accesses or manipulates camera feeds and system settings from that position.

🟢 If Mitigated

Limited impact due to network segmentation, proper authentication controls, and monitoring that detects unusual user management activities.

🌐 Internet-Facing: MEDIUM - DeviceViewer is a desktop client, so the overflow itself is not reachable over the network. Exposure rises when the host it runs on can be reached remotely (RDP, VPN or remote-support tooling) with weak credentials, because a remote session is enough to drive the Add User dialog.
🏢 Internal Only: HIGH - Anyone who can log on to the host (a malicious insider or an attacker using a compromised account) can run code as the DeviceViewer user. This is a privilege escalation only where DeviceViewer runs with higher rights than the attacker; otherwise the gain is persistence, surveillance access and a foothold on the camera-management workstation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a session in which the attacker can open the Add User dialog, and bypassing DEP with a ROP chain ties the public exploit's gadget addresses to the specific 3.12.0.1 build. Public exploit code is available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sricam.com/ (vendor home page; no dedicated advisory for this CVE is referenced)

Restart Required: No

Instructions:

No official patch available. Consider upgrading to newer versions if available, or implement workarounds and mitigations.

🔧 Temporary Workarounds

Restrict User Management Access

Platform: all

Limit access to the user management functionality to only essential administrative personnel.

Network Segmentation

Platform: all

Isolate the DeviceViewer system from critical network segments and implement strict firewall rules.

🧯 If You Can't Patch

  • Restrict who can log on to hosts running DeviceViewer, and require multi-factor authentication on any remote-access path to them (RDP, VPN, remote support)
  • Run DeviceViewer under a low-privilege, dedicated account so that code execution through this bug does not inherit administrative rights on the host
  • Keep DEP enabled for the process and consider forcing image randomization for DeviceViewer.exe through Windows Exploit Protection; the public exploit relies on fixed gadget addresses, which mandatory ASLR can break (test the application afterwards, as some older binaries misbehave under it)
  • Monitor user management activities and audit logs for unusual username entries or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the DeviceViewer version in Help > About. If the version is 3.12.0.1, the system is vulnerable. Earlier builds are not listed as tested; treat them as suspect until verified, since no fixed release is known.

Check Version:

Check Help > About in the DeviceViewer GUI. The application has no command-line version switch; outside the GUI, read the file version of the DeviceViewer executable from its Properties > Details tab in Explorer, or from the file's VersionInfo in PowerShell, and compare it with 3.12.0.1.

Verify Fix Applied:

No patched version is published, so a version number above 3.12.0.1 is not by itself evidence of a fix. Confirm instead that the workarounds are in place: host logon and remote access restricted, DeviceViewer running under a low-privilege account, exploit-protection settings applied, and crash and user-management monitoring active.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user creation events, especially outside change windows or by accounts that do not normally administer DeviceViewer
  • Long or malformed username entries in user management logs (a legitimate username is a handful of characters; exploit payloads run to hundreds or thousands of bytes)
  • DeviceViewer.exe crashes, visible in the Windows Application event log as Event ID 1000 from source "Application Error" naming DeviceViewer.exe as the faulting application; a failed exploit attempt typically leaves this trace

Network Indicators:

  • Unusual outbound connections from DeviceViewer system
  • Traffic patterns suggesting command and control activity

SIEM Query:

source="deviceviewer_logs" AND ((event_type="user_creation" AND username_length>50) OR (process_name="DeviceViewer.exe" AND event_type="crash"))

The outer parentheses matter: without them the OR binds looser than the AND, so the source filter would apply only to the user-creation branch and crash events from every source would match. The 50-character threshold is a heuristic; tune it to the longest legitimate username in your environment.
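As an added example, not taken from the page's SIEM or from DeviceViewer, the following C program applies the same predicate as the query above to a set of constructed key=value log lines. The field names follow the query; the line format, timestamps and values are invented for the demonstration, and the 50-character threshold is the page's heuristic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the value of the space-separated token "key=value" into out.
 * Matches whole keys only (start of line or after a space, followed by
 * '='). Returns 1 if the key was found, 0 otherwise. */
static int get_field(const char *line, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = line;
    while ((p = strstr(p, key)) != NULL) {
        if ((p == line || p[-1] == ' ') && p[klen] == '=') {
            const char *v = p + klen + 1;
            size_t n = strcspn(v, " \r\n");
            if (n >= outlen)
                n = outlen - 1;
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        p += klen;
    }
    return 0;
}

/* Same predicate as the SIEM query, with the source filter applied to both
 * branches: returns 1 if the line should raise an alert, else 0. */
int is_suspicious(const char *line)
{
    char src[64], ev[64], proc[128], ulen[16];
    if (!get_field(line, "source", src, sizeof src) ||
        strcmp(src, "deviceviewer_logs") != 0)
        return 0;
    if (!get_field(line, "event_type", ev, sizeof ev))
        return 0;
    /* Branch 1: a user-creation event carrying an implausibly long username. */
    if (strcmp(ev, "user_creation") == 0 &&
        get_field(line, "username_length", ulen, sizeof ulen) &&
        strtol(ulen, NULL, 10) > 50)
        return 1;
    /* Branch 2: the client crashed, e.g. a failed exploit attempt. */
    if (strcmp(ev, "crash") == 0 &&
        get_field(line, "process_name", proc, sizeof proc) &&
        strcmp(proc, "DeviceViewer.exe") == 0)
        return 1;
    return 0;
}

/* Constructed sample lines; the format is assumed, not DeviceViewer's. */
static const char *SAMPLE_LINES[] = {
    "ts=2024-01-05T10:02:11Z source=deviceviewer_logs event_type=user_creation actor=admin username_length=7",
    "ts=2024-01-05T10:05:42Z source=deviceviewer_logs event_type=user_creation actor=admin username_length=1500",
    "ts=2024-01-05T10:05:43Z source=deviceviewer_logs event_type=crash process_name=DeviceViewer.exe event_id=1000",
    "ts=2024-01-05T10:07:00Z source=other_logs event_type=crash process_name=DeviceViewer.exe",
    "ts=2024-01-05T10:09:15Z source=deviceviewer_logs event_type=login actor=admin result=success",
};
#define N_SAMPLES (sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0])

/* Number of sample lines that alert: 2 for the constructed set (the long
 * username and the DeviceViewer.exe crash from the right source). */
int count_alerts(void)
{
    int hits = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        hits += is_suspicious(SAMPLE_LINES[i]);
    return hits;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%s %s\n", is_suspicious(SAMPLE_LINES[i]) ? "ALERT" : "ok   ",
               SAMPLE_LINES[i]);
    printf("%d alert(s)\n", count_alerts());
    return 0;
}
```

The fourth sample line shows why the source filter has to wrap both branches: it is a DeviceViewer.exe crash, but from another log source, and it is correctly ignored. In a real deployment the crash branch would be fed from Windows Application log Event ID 1000 records rather than a synthetic event_type field.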
