#VU125481 Cleartext storage of sensitive information in AVideo - CVE-2026-33867
Published: April 8, 2026
Vulnerability identifier: #VU125481
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-33867
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AVideo
AVideo
Software vendor:
World Wide Broadcast Network
World Wide Broadcast Network
Description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to cleartext storage of sensitive information in objects/video.php when storing and checking video passwords. A remote attacker can obtain read access to the database to disclose sensitive information.
Passwords for protected videos are stored and compared in plaintext, and exposure can occur through database reads such as SQL injection, backup disclosure, or misconfigured access controls.
Remediation
Install security update from vendor's website.