CVE-2025-12636
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-06
Last updated on: 2025-11-12
Assigner: ICS-CERT
Description
Description
The Ubia camera ecosystem fails to adequately secure API credentials,
potentially enabling an attacker to connect to backend services. The
attacker would then be able to gain unauthorized access to available
cameras, enabling the viewing of live feeds or modification of settings.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubia | camera | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Ubia camera ecosystem involves inadequate security of API credentials. An attacker could exploit this weakness to connect to backend services without authorization, allowing them to access available cameras, view live feeds, or modify camera settings.
How can this vulnerability impact me? :
The impact of this vulnerability includes unauthorized access to camera feeds and the ability to change camera settings. This could lead to privacy breaches, surveillance by unauthorized parties, and potential misuse of the camera system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70