Print - 【Vulnerability Alert】Eternal Digital Communications Technology | Network Monitoring Server

【Vulnerability Alert】Eternal Digital Communications Technology | Network Monitoring Server - Two vulnerabilities identified

publish date : 2025-09-19 update date : 2025-09-19

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025091603090303	Publication Time	2025/09/16 15:13
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/09/16 15:13
Impact Level	Low
[Subject] 【Vulnerability Alert】Eternal Digital Communications Technology \| Network Monitoring Server - Two vulnerabilities identified
[Content] Forwarded from TWCERTCC-200-202509-00000009 【Eternal Digital Communications Technology \| Network Monitoring Server – Exposure of Sensitive Information】(CVE-2025-10264, CVSS: 10.0) An unauthenticated remote attacker can access system configuration files and obtain plaintext usernames and passwords of the NVR and connected cameras. 【Eternal Digital Communications Technology \| Network Monitoring Server – OS Command Injection】(CVE-2025-10265, CVSS: 8.8) An authenticated remote attacker can inject arbitrary operating system commands and execute them on the device. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] ● Affected NVR Series Models: DS-1200 DS-2100 Pro DS-2100 Pro+ DS-2100 UHD DS-2200 UHD DS-2200 UHD+ DS-4200 Pro DS-4200 Pro+ DS-4200 UHD DS-4200 UHD+ DS-4100-RM DS-4200-RM Pro+ DS-4200-RM UHD DS-8x00-RM Pro+ DS-8x00-SRM Pro+ DS-8x00-RM UHD DS-16x00-RM Pro+ DS-16x00-RM UHD ● Affected Firmware Versions: x.x.x.78 and earlier versions
[Recommended Actions] Update firmware to version x.x.x.79 or later.
[Reference] Eternal Digital Communications Technology \| Network Monitoring Server – Two Vulnerabilities: https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center