of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera
credentials stored in the Recording Server under specific conditions.
Metrics
Affected Vendors & Products
Solution
To mitigate the issue, we highly recommend installing the latest XProtect Device Pack which contains the most up to date device drivers.
Workaround
If, for any reason, update is not possible, we recommend monitoring of the log files under ‘%PROGRAMDATA%\XProtect Recording Server\Logs\Drivers’ for exposed credentials.
Tue, 15 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Mon, 20 Jan 2025 09:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV4_0
|
Wed, 15 Jan 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV4_0
|
Wed, 15 Jan 2025 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Tue, 07 Jan 2025 10:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions. |
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Thu, 19 Dec 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | |
Title | Sensitive Information in Driver’s Log File | |
Weaknesses | CWE-532 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Milestone
Published:
Updated: 2025-08-28T14:41:37.061Z
Reserved: 2024-12-12T10:59:50.462Z
Link: CVE-2024-12569

Updated: 2024-12-20T17:58:44.513Z

Status : Awaiting Analysis
Published: 2024-12-19T09:16:13.830
Modified: 2025-08-26T21:15:31.950
Link: CVE-2024-12569

No data.

Updated: 2025-07-13T11:21:42Z