PT-2020-6277 · Rubetek · Rv-3406+2
Sergey Zelensky · Published 2020-09-25 · Updated 2020-10-08 · CVE-2020-25749
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rubetek cameras RV-3406, RV-3409, and RV-3411 firmware versions v342, v339
Description
The issue is related to the Telnet service of the affected cameras, which allows a remote attacker to gain full control of the device using a high-privileged account. This is due to a system account having a default and static password that cannot be changed via standard functionality. The Telnet service itself cannot be disabled.
Recommendations
For firmware versions v342 and v339, consider disabling the Telnet service as a temporary workaround, if possible, until a patch is available. However, the Telnet service cannot be disabled and the password cannot be changed, and at the moment there is no information about a newer version that contains a fix for this vulnerability.
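One way to track exposure while no fix is available, as an added example that is not part of the original advisory: match a device inventory against the affected models and firmware listed above, then flag allowed Telnet flows to those cameras from outside a management subnet. The CSV layouts, IP addresses, the `MGMT_NET` subnet and the function names are constructed assumptions.

```python
import csv
import io
import ipaddress

# Affected models and firmware versions, as listed in the advisory.
AFFECTED_MODELS = {"RV-3406", "RV-3409", "RV-3411"}
AFFECTED_FIRMWARE = {"v342", "v339"}
TELNET_PORT = 23

# Constructed sample data in an assumed CSV layout (not vendor output).
INVENTORY_CSV = """ip,model,firmware
10.20.0.11,RV-3406,v342
10.20.0.12,rv-3409,v339
10.20.0.13,RV-3411,v350
10.20.0.14,OtherCam,v342
"""
FLOWS_CSV = """src,dst,dport,action
10.20.99.5,10.20.0.11,23,allow
203.0.113.7,10.20.0.11,23,allow
203.0.113.7,10.20.0.12,23,deny
198.51.100.9,10.20.0.12,554,allow
198.51.100.9,10.20.0.13,23,allow
"""
MGMT_NET = ipaddress.ip_network("10.20.99.0/24")  # assumed admin subnet


def affected_devices(inventory_csv):
    """Return the set of IPs whose model and firmware match the advisory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["ip"] for r in rows
            if r["model"].upper() in AFFECTED_MODELS
            and r["firmware"].lower() in AFFECTED_FIRMWARE}


def telnet_exposure(flows_csv, affected, mgmt_net=MGMT_NET):
    """Flag allowed Telnet flows to affected cameras from outside mgmt_net."""
    findings = []
    for r in csv.DictReader(io.StringIO(flows_csv)):
        if r["dst"] not in affected or int(r["dport"]) != TELNET_PORT:
            continue
        if r["action"] != "allow":
            continue  # the filter already dropped this flow
        if ipaddress.ip_address(r["src"]) in mgmt_net:
            continue  # source is inside the assumed management subnet
        findings.append((r["src"], r["dst"]))
    return findings
```

With the sample data, `telnet_exposure(FLOWS_CSV, affected_devices(INVENTORY_CSV))` reports the single allowed Telnet flow from `203.0.113.7` to `10.20.0.11`.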
Exploit
Using Hardcoded Credentials
Affected Products
Rv-3406
Rv-3409
Rv-3411