Sricam DeviceViewer Password Change Security Bypass Vulnerability

Vulnerability

A password change security bypass vulnerability has been identified in Sricam DeviceViewer version 3.12.0.1. This vulnerability allows authenticated users to change passwords without properly validating the old password. By injecting a large payload into the old password parameter during the password change process, attackers can bypass the validation and set an arbitrary new password.

Impact

Exploitation of this vulnerability allows for arbitrary password changes, potentially leading to unauthorized access.

Reproduction

To reproduce this vulnerability, log into the Sricam DeviceViewer application as a registered user. Navigate to 'System Tools' and select 'Change Password'. Inject a large payload into the 'old password' field and enter a desired new password. After submitting the change, restart the application and log in with the new password to confirm the change.
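A defensive sketch of the missing check, added here as an example and not taken from Sricam's code: the old password is length-bounded and verified before anything is written, and oversized input is a hard failure. The advisory does not state the root cause, so the names (account, change_password, PW_MAX) and the plaintext comparison standing in for hash verification are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 64                 /* assumed policy limit, not from the advisory */
#define BAD_LEN ((size_t)-1)
typedef enum { PW_OK, PW_BAD_INPUT, PW_WRONG_OLD } pw_status;
/* Hypothetical record; real code stores and verifies a salted hash instead. */
typedef struct { char password[PW_MAX + 1]; } account;

/* Length of s, reading at most PW_MAX + 1 bytes; BAD_LEN if NULL, empty or too long. */
static size_t checked_len(const char *s) {
    size_t n = 0;
    if (s == NULL) return BAD_LEN;
    while (n <= PW_MAX && s[n] != '\0') n++;
    return (n == 0 || n > PW_MAX) ? BAD_LEN : n;
}

/* Compare n bytes without an early exit. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

pw_status change_password(account *acct, const char *old_pw, const char *new_pw) {
    size_t old_len = checked_len(old_pw), new_len = checked_len(new_pw);
    /* Oversized or missing input is a hard failure, never a skipped check. */
    if (old_len == BAD_LEN || new_len == BAD_LEN) return PW_BAD_INPUT;
    size_t cur_len = strlen(acct->password);
    if (old_len != cur_len || !ct_equal(old_pw, acct->password, cur_len))
        return PW_WRONG_OLD;
    memcpy(acct->password, new_pw, new_len + 1);   /* fits: new_len <= PW_MAX */
    return PW_OK;
}

/* Constructed input: a 4096-byte old-password value against a sample account. */
pw_status try_oversized_old(account *acct) {
    static char big[4097];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return change_password(acct, big, "attacker-chosen");
}

int main(void) {
    account a = { "correct-horse" };
    printf("oversized old -> %d (1 = PW_BAD_INPUT)\n", try_oversized_old(&a));
    printf("correct old   -> %d (0 = PW_OK)\n", change_password(&a, "correct-horse", "n3w-pass"));
    return 0;
}
```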

Added: Feb 20, 2026, 11:33 PM
Updated: Feb 20, 2026, 11:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.6
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.