CVE-2020-25747

EPSS 2.15%
Veröffentlicht 25.09.2020 04:23:05
Zuletzt bearbeitet 21.11.2024 05:18:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rubetek ≫ Rv-3406 Firmware Version339

Rubetek ≫ Rv-3406 Version-

Rubetek ≫ Rv-3406 Firmware Version342

Rubetek ≫ Rv-3406 Version-

Rubetek ≫ Rv-3409 Firmware Version339

Rubetek ≫ Rv-3409 Version-

Rubetek ≫ Rv-3409 Firmware Version342

Rubetek ≫ Rv-3409 Version-

Rubetek ≫ Rv-3411 Firmware Version339

Rubetek ≫ Rv-3411 Version-

Rubetek ≫ Rv-3411 Firmware Version342

Rubetek ≫ Rv-3411 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.15%	0.837

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.4	3.9	5.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
nvd@nist.gov	9	10	8.5	AV:N/AC:L/Au:N/C:P/I:P/A:C

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/jet-pentest/CVE-2020-25747

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-25747

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25747

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25747

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-25747