CVE-2025-12108
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-06
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| survision | lpr_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Survision LPR Camera system does not enforce password protection by default, which means anyone can access the configuration wizard immediately without needing to log in or provide credentials.
How can this vulnerability impact me? :
This vulnerability allows unauthorized users to access and potentially modify the camera system's configuration without any authentication, which could lead to security breaches, unauthorized surveillance changes, or exposure of sensitive data.
What immediate steps should I take to mitigate this vulnerability?
Since the Survision LPR Camera system does not enforce password protection by default, immediate mitigation steps include enabling password protection or access controls on the device configuration interface to prevent unauthorized access. If the system does not support enabling password protection, restrict network access to the device by isolating it on a secure network segment or using firewall rules to limit access to trusted hosts only.