CVE-2025-14749

Published: Dec 16, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Shenzhenningyuandatechnology: Tc155 Firmware

Shenzhenningyuandatechnology

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Shenzhenningyuandatechnology Tc155 Firmware	Version 57.0.2.0

Running on/with	Platform Versions
Shenzhenningyuandatechnology Tc155	All versions

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.336522

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.336522

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.707198

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.