HIGH🇬🇧 English

CVE-2025-65857

CVSS 7.5v3.1pub. 2025-12-22upd. 2026-07-05

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Xiongmaitech Xm530v200 X6 Weq 8m

    HW
    Xiongmaitech
    wszystkie wersje
  • Xiongmaitech Xm530v200 X6 Weq 8m Firmware

    OS
    Xiongmaitech
    5.00.r02.000807d8.10010.346624.s.onvif_21.06
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-65856CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w kamerach IP Xiongmai XM530 — dostęp bez uwierzytelnienia

CVE-2022-45460CRITICAL9.8ten sam vendor

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02....

CVE-2021-41506CRITICAL9.8ten sam vendor

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-...

CVE-2020-22253CRITICAL9.8ten sam vendor

Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7...

CVE-2018-17915CRITICAL9.8ten sam vendor

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communi...