6.5
CVE-2025-14746
- EPSS 0.95%
- Veröffentlicht 16.12.2025 02:02:06
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginNingyuanda TC155 RTSP Live Video Stream Endpoint improper authentication
A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affected element is an unknown function of the component RTSP Live Video Stream Endpoint. Such manipulation leads to improper authentication. The attack must be carried out from within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Shenzhenningyuandatechnology ≫ Tc155 Firmware Version57.0.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.564 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| cna@vuldb.com | 2.1 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 3.3 | 6.5 | 2.9 |
AV:A/AC:L/Au:N/C:P/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://vuldb.com/?id.336519
https://vuldb.com/?ctiid.336519
https://vuldb.com/?submit.707195
https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-RTSP.md