PT-2025-51364 · Ningyuanda · Ningyuanda Tc155

Keroomi

Publicado

2025-12-16

Atualizado

2025-12-17

CVE-2025-14748

CVSS v3.1

5.4

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Ningyuanda TC155 version 57.0.2.0

Description A flaw exists in Ningyuanda TC155 version 57.0.2.0 related to improper access controls within the ONVIF Device Management Service component. The issue stems from manipulating the FactoryDefault argument with the input Hard in the file /onvif/device service. This requires access to the local network. The exploit has been publicly disclosed. The vendor was contacted but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266CWE-284

Identificadores relacionados

CVE-2025-14748

Produtos afetados

Ningyuanda Tc155

PT-2025-51364 · Ningyuanda · Ningyuanda Tc155

CVE-2025-14748

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9