Vulnerability Details CVE-2020-25749
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2020-25749
-
cpe:2.3:h:rubetek:rv-3406:-
-
cpe:2.3:h:rubetek:rv-3409:-
-
cpe:2.3:h:rubetek:rv-3411:-
-
cpe:2.3:o:rubetek:rv-3406_firmware:339
-
cpe:2.3:o:rubetek:rv-3406_firmware:342
-
cpe:2.3:o:rubetek:rv-3409_firmware:339
-
cpe:2.3:o:rubetek:rv-3409_firmware:342
-
cpe:2.3:o:rubetek:rv-3411_firmware:339
-
cpe:2.3:o:rubetek:rv-3411_firmware:342