Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Survision
CVE-2025-12108 (GCVE-0-2025-12108)
Vulnerability from nvd – Published: 2025-11-04 18:43 – Updated: 2025-11-05 14:46
VLAI
Title
Missing Authentication for Critical Function Survision License Plate Recognition Camera
Summary
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Survision | License Plate Recognition Camera |
Affected:
All versions
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:46:38.607408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T14:46:47.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "License Plate Recognition Camera",
"vendor": "Survision",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar of Microsec (microsec.io) reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.\u003c/p\u003e"
}
],
"value": "The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T18:43:54.147Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSurvision has released the following versions for users to update to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eLicense Plate Recognition LPR Camera: Firmware version v3.5\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSurvision recommends users to enable the configuration password authentication by defining users and roles with minimal rights in the user management system and, where possible, enforce client certificate authentication.\u003c/p\u003e\u003cp\u003eFor future deployments, plan for integration of the new login/password mechanism and update your installation procedures accordingly.\u003c/p\u003e\u003cul\u003e\u003cli\u003eOn previous versions (inferior to 3.5)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSurvision recommends activating the \"lock\" password in the security parameters and, where possible, enforce client certificate authentication.\u003c/p\u003e\u003cp\u003eFor more information, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://survisiongroup.com/post-contact\"\u003eSurvision\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Survision has released the following versions for users to update to:\n\n * License Plate Recognition LPR Camera: Firmware version v3.5\n\n\nSurvision recommends users to enable the configuration password authentication by defining users and roles with minimal rights in the user management system and, where possible, enforce client certificate authentication.\n\nFor future deployments, plan for integration of the new login/password mechanism and update your installation procedures accordingly.\n\n * On previous versions (inferior to 3.5)\n\n\nSurvision recommends activating the \"lock\" password in the security parameters and, where possible, enforce client certificate authentication.\n\nFor more information, contact Survision https://survisiongroup.com/post-contact ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function Survision License Plate Recognition Camera",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12108",
"datePublished": "2025-11-04T18:43:54.147Z",
"dateReserved": "2025-10-23T13:00:09.658Z",
"dateUpdated": "2025-11-05T14:46:47.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12108 (GCVE-0-2025-12108)
Vulnerability from cvelistv5 – Published: 2025-11-04 18:43 – Updated: 2025-11-05 14:46
VLAI
Title
Missing Authentication for Critical Function Survision License Plate Recognition Camera
Summary
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Survision | License Plate Recognition Camera |
Affected:
All versions
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:46:38.607408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T14:46:47.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "License Plate Recognition Camera",
"vendor": "Survision",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar of Microsec (microsec.io) reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.\u003c/p\u003e"
}
],
"value": "The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T18:43:54.147Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSurvision has released the following versions for users to update to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eLicense Plate Recognition LPR Camera: Firmware version v3.5\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSurvision recommends users to enable the configuration password authentication by defining users and roles with minimal rights in the user management system and, where possible, enforce client certificate authentication.\u003c/p\u003e\u003cp\u003eFor future deployments, plan for integration of the new login/password mechanism and update your installation procedures accordingly.\u003c/p\u003e\u003cul\u003e\u003cli\u003eOn previous versions (inferior to 3.5)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSurvision recommends activating the \"lock\" password in the security parameters and, where possible, enforce client certificate authentication.\u003c/p\u003e\u003cp\u003eFor more information, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://survisiongroup.com/post-contact\"\u003eSurvision\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Survision has released the following versions for users to update to:\n\n * License Plate Recognition LPR Camera: Firmware version v3.5\n\n\nSurvision recommends users to enable the configuration password authentication by defining users and roles with minimal rights in the user management system and, where possible, enforce client certificate authentication.\n\nFor future deployments, plan for integration of the new login/password mechanism and update your installation procedures accordingly.\n\n * On previous versions (inferior to 3.5)\n\n\nSurvision recommends activating the \"lock\" password in the security parameters and, where possible, enforce client certificate authentication.\n\nFor more information, contact Survision https://survisiongroup.com/post-contact ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function Survision License Plate Recognition Camera",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12108",
"datePublished": "2025-11-04T18:43:54.147Z",
"dateReserved": "2025-10-23T13:00:09.658Z",
"dateUpdated": "2025-11-05T14:46:47.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}