CVE-2025-6532

Name of the Vulnerable Software and Affected Versions: NOYAFA/Xiami LF9 Pro up to 20250611

Description: A problematic vulnerability was found in the RTSP Live Video Stream Endpoint component of the NOYAFA/Xiami LF9 Pro device. This issue leads to improper access controls, allowing for unauthorized access or manipulation of video streams. The attack can only be initiated within the local network. The exploit has been disclosed to the public.

Recommendations: For NOYAFA/Xiami LF9 Pro up to 20250611, consider restricting access to the RTSP Live Video Stream Endpoint to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.