VYPR
Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Apr 7, 2026

Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass

CVE-2019-25436

Description

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sricam/DeviceViewerllm-create2 versions
    = 3.12.0.1+ 1 more
    • (no CPE)range: = 3.12.0.1
    • (no CPE)range: 3.12.0.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.