Description

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.

INFO

Published Date :

2025-07-01T14:48:40.033Z

Last Modified :

2025-07-01T18:38:53.665Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2025-34058 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34058.

URL Resource
https://blog.csdn.net/qq_40684306/article/details/115278837 cve-icon cve-icon
https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read cve-icon cve-icon
https://www.cnvd.org.cn/flaw/show/CNVD-2021-14544 cve-icon cve-icon
https://www.hikvision.com/en/support/cybersecurity/security-advisory/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability