Vulnerability Details CVE-2020-25747
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.6%
CVSS Severity
CVSS v3 Score 9.4
CVSS v2 Score 9.0
References
Products affected by CVE-2020-25747
-
cpe:2.3:h:rubetek:rv-3406:-
-
cpe:2.3:h:rubetek:rv-3409:-
-
cpe:2.3:h:rubetek:rv-3411:-
-
cpe:2.3:o:rubetek:rv-3406_firmware:339
-
cpe:2.3:o:rubetek:rv-3406_firmware:342
-
cpe:2.3:o:rubetek:rv-3409_firmware:339
-
cpe:2.3:o:rubetek:rv-3409_firmware:342
-
cpe:2.3:o:rubetek:rv-3411_firmware:339
-
cpe:2.3:o:rubetek:rv-3411_firmware:342