CVE-2018-25310

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published Apr 29, 2026

Vendor unknown

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can leverage the CSRF vulnerability to inject and execute system commands through the Tools > System > Shell interface, gaining root-level access to the device.

References

https://www.exploit-db.com/exploits/44387
https://www.vulncheck.com/advisories/videoflow-digital-video-protection-dvp-10-authenticated-remote-code-execution
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5455.php