CVE-2020-25747

Published: Sep 25, 2020Modified: Nov 21, 2024

9.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Exploitability: 3.9 / Impact: 5.5

Source: NVD

Description

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.

Affected (6)

Products: Rubetek: Rv 3406 Firmware, Rv 3409 Firmware, Rv 3411 Firmware

3 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rubetek Rv 3406 Firmware	Version 339
Rubetek Rv 3406 Firmware	Version 342

Running on/with	Platform Versions
Rubetek Rv 3406	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rubetek Rv 3409 Firmware	Version 339
Rubetek Rv 3409 Firmware	Version 342

Running on/with	Platform Versions
Rubetek Rv 3409	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rubetek Rv 3411 Firmware	Version 339
Rubetek Rv 3411 Firmware	Version 342

Running on/with	Platform Versions
Rubetek Rv 3411	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://github.com/jet-pentest/CVE-2020-25747

Source: cve@mitre.org

Third Party Advisory

https://github.com/jet-pentest/CVE-2020-25747

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.