CVE-2025-6528

Name of the Vulnerable Software and Affected Versions: 70mai M300 up to 20250611

Description: A vulnerability has been found in the RTSP Live Video Stream Endpoint of the 70mai M300, affecting an unknown functionality of the file /livestream/12. This leads to improper authentication. The attack must be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations: For 70mai M300 up to 20250611, as a temporary workaround, consider restricting access to the RTSP Live Video Stream Endpoint, specifically the /livestream/12 file, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.