HIGH🇬🇧 English

CVE-2025-66049

CVSS 8.7v4.0pub. 2026-01-09upd. 2026-01-14

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.  The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Vivotek Ip7137

    HW
    Vivotek
    wszystkie wersje
  • Vivotek Ip7137 Firmware

    OS
    Vivotek
    0200a
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-66050CRITICAL9.3PL ✓ten sam produkt

Vivotek IP7137: brak wymaganego hasła administratora (domyślnie)

CVE-2025-66052HIGH8.6ten sam produkt

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt"...

CVE-2025-66051MEDIUM6.9ten sam produkt

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authe...

CVE-2024-26548CRITICAL9.8PL ✓ten sam vendor

RCE w Vivotek Network Camera poprzez komponent upload_file.cgi

CVE-2013-1595CRITICAL9.8ten sam vendor

A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted pac...

CVE-2025-66049 — HIGH 8.7 | CVEbaza.pl