CVE-2020-25748

Published: Sep 25, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.

Affected (6)

Products: Rubetek: Rv 3406 Firmware, Rv 3409 Firmware, Rv 3411 Firmware

3 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rubetek Rv 3406 Firmware	Version 339
Rubetek Rv 3406 Firmware	Version 342

Running on/with	Platform Versions
Rubetek Rv 3406	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rubetek Rv 3409 Firmware	Version 339
Rubetek Rv 3409 Firmware	Version 342

Running on/with	Platform Versions
Rubetek Rv 3409	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rubetek Rv 3411 Firmware	Version 339
Rubetek Rv 3411 Firmware	Version 342

Running on/with	Platform Versions
Rubetek Rv 3411	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://github.com/jet-pentest/CVE-2020-25748

Source: cve@mitre.org

Third Party Advisory

https://github.com/jet-pentest/CVE-2020-25748

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.