Sricam DeviceViewer Password Change Bypass Allows Unauthorized Password Changes
CVE-2019-25436
Summary
A security issue in Sricam DeviceViewer 3.12.0.1 allows anyone who has logged in to change passwords without needing to know the current password. This could allow an attacker to gain control of the account. Update to the latest version of Sricam DeviceViewer to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sricam | deviceviewer | 3.12.0.1 | – |
Original title
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attack...
Original description
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.
NVD CVSS 3.1
6.5
NVD CVSS 4.0
5.1
Vulnerability type
CWE-303
- Product: http://www.sricam.com/
- Exploit VDB Entry: https://www.exploit-db.com/exploits/47476
- Third Party Advisory: https://www.vulncheck.com/advisories/sricam-deviceviewer-password-change-securit...
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026