CVE-2025-14749

Sažetak

A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md
https://vuldb.com/?ctiid.336522
https://vuldb.com/?id.336522
https://vuldb.com/?submit.707198

CVSS

Base:	5.8
Impact:	6.4
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-12-2025 - 03:15

Objavljeno

16-12-2025 - 03:15