Search criteria
4 vulnerabilities found for DFUSION by Davantis
CVE-2025-41017 (GCVE-0-2025-41017)
Vulnerability from cvelistv5 – Published: 2025-11-24 12:20 – Updated: 2025-12-01 15:37
VLAI?
Title
Multiple vulnerabilities in DFUSION by Davantis
Summary
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras/<CAMERA_ID>/perspective”.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Ferran Plaza
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T13:06:43.019461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:37:19.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DFUSION",
"vendor": "Davantis",
"versions": [
{
"status": "affected",
"version": "prior to 6.186.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ferran Plaza"
}
],
"datePublic": "2025-11-24T12:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing \u201c/cameras/\u0026lt;CAMERA_ID\u0026gt;/perspective\u201d."
}
],
"value": "Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing \u201c/cameras/\u003cCAMERA_ID\u003e/perspective\u201d."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T12:20:25.873Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dfusion-davantis"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020.\u003cbr\u003e"
}
],
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple vulnerabilities in DFUSION by Davantis",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41017",
"datePublished": "2025-11-24T12:20:25.873Z",
"dateReserved": "2025-04-16T09:09:25.290Z",
"dateUpdated": "2025-12-01T15:37:19.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41016 (GCVE-0-2025-41016)
Vulnerability from cvelistv5 – Published: 2025-11-24 12:18 – Updated: 2025-11-24 13:11
VLAI?
Title
Multiple vulnerabilities in DFUSION by Davantis
Summary
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms/<ALARM_ID>/<MEDIA>”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images recorded by security cameras in response to triggered alerts.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Ferran Plaza
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T13:11:11.556189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T13:11:29.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DFUSION",
"vendor": "Davantis",
"versions": [
{
"status": "affected",
"version": "prior to 6.186.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ferran Plaza"
}
],
"datePublic": "2025-11-24T12:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to \u201c/alarms/\u0026lt;ALARM_ID\u0026gt;/\u0026lt;MEDIA\u0026gt;\u201d, where the \u201cMEDIA\u201d parameter can take the value of \u201csnapshot\u201d or \u201cvideo.mp4\u201d. These media files contain images recorded by security cameras in response to triggered alerts."
}
],
"value": "Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to \u201c/alarms/\u003cALARM_ID\u003e/\u003cMEDIA\u003e\u201d, where the \u201cMEDIA\u201d parameter can take the value of \u201csnapshot\u201d or \u201cvideo.mp4\u201d. These media files contain images recorded by security cameras in response to triggered alerts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T12:18:45.678Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dfusion-davantis"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020.\u003cbr\u003e"
}
],
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple vulnerabilities in DFUSION by Davantis",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41016",
"datePublished": "2025-11-24T12:18:45.678Z",
"dateReserved": "2025-04-16T09:09:25.290Z",
"dateUpdated": "2025-11-24T13:11:29.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41017 (GCVE-0-2025-41017)
Vulnerability from nvd – Published: 2025-11-24 12:20 – Updated: 2025-12-01 15:37
VLAI?
Title
Multiple vulnerabilities in DFUSION by Davantis
Summary
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras/<CAMERA_ID>/perspective”.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Ferran Plaza
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T13:06:43.019461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:37:19.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DFUSION",
"vendor": "Davantis",
"versions": [
{
"status": "affected",
"version": "prior to 6.186.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ferran Plaza"
}
],
"datePublic": "2025-11-24T12:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing \u201c/cameras/\u0026lt;CAMERA_ID\u0026gt;/perspective\u201d."
}
],
"value": "Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing \u201c/cameras/\u003cCAMERA_ID\u003e/perspective\u201d."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T12:20:25.873Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dfusion-davantis"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020.\u003cbr\u003e"
}
],
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple vulnerabilities in DFUSION by Davantis",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41017",
"datePublished": "2025-11-24T12:20:25.873Z",
"dateReserved": "2025-04-16T09:09:25.290Z",
"dateUpdated": "2025-12-01T15:37:19.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41016 (GCVE-0-2025-41016)
Vulnerability from nvd – Published: 2025-11-24 12:18 – Updated: 2025-11-24 13:11
VLAI?
Title
Multiple vulnerabilities in DFUSION by Davantis
Summary
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms/<ALARM_ID>/<MEDIA>”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images recorded by security cameras in response to triggered alerts.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Ferran Plaza
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T13:11:11.556189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T13:11:29.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DFUSION",
"vendor": "Davantis",
"versions": [
{
"status": "affected",
"version": "prior to 6.186.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ferran Plaza"
}
],
"datePublic": "2025-11-24T12:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to \u201c/alarms/\u0026lt;ALARM_ID\u0026gt;/\u0026lt;MEDIA\u0026gt;\u201d, where the \u201cMEDIA\u201d parameter can take the value of \u201csnapshot\u201d or \u201cvideo.mp4\u201d. These media files contain images recorded by security cameras in response to triggered alerts."
}
],
"value": "Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to \u201c/alarms/\u003cALARM_ID\u003e/\u003cMEDIA\u003e\u201d, where the \u201cMEDIA\u201d parameter can take the value of \u201csnapshot\u201d or \u201cvideo.mp4\u201d. These media files contain images recorded by security cameras in response to triggered alerts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T12:18:45.678Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dfusion-davantis"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020.\u003cbr\u003e"
}
],
"value": "The vulnerabilities were fixed by the Davantis team in version 6.186.1 in May 2020."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple vulnerabilities in DFUSION by Davantis",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41016",
"datePublished": "2025-11-24T12:18:45.678Z",
"dateReserved": "2025-04-16T09:09:25.290Z",
"dateUpdated": "2025-11-24T13:11:29.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}