Skip to content

jet-pentest/CVE-2020-25747

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2020-25747

[Suggested description] The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.

[Additional Information] A letter was sent to the vendor about the vulnerability.

[Vulnerability Type] Incorrect Access Control

[Vendor of Product] Rubetek (https://rubetek.com/)

[Affected Product Code Base] Camera RV-3406 - Firmware version 339 and 342 are affected. There are no fixed versions Camera RV-3409 - Firmware version 339 and 342 are affected. There are no fixed versions Camera RV-3411 - Firmware version 339 and 342 are affected. There are no fixed versions

[Affected Component] ONVIF-service, RTSP-service

[Attack Type] Remote

[Impact Denial of Service] true

[Impact Information Disclosure] true

[CVE Impact Other] Onvif service possible to move the camera and change some settings (brightness, clarity, time), it can restart the device and activate the reset to factory settings

[Attack Vectors] Anyone with network access to the camera can connect to ONVIF and RTSP services without using authentication.

[Discoverer] Sergey Zelensky (Jet Infosystems, jet.su)

[Reference] https://jet.su

About

CVE-2020-25747

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published