CVE-2020-25747 Information

Description

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Reference

https://github.com/jet-pentest/CVE-2020-25747

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

Base Score

9.4

Base Severity

CRITICAL
