CVE-2025-14747
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. The attack must originate from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14747
EUVD
EUVD-2025-203493
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
shenzhenningyuandatechnology tc155_firmware 57.0.2.0
shenzhenningyuandatechnology tc155 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14747 is a denial of service (DoS) vulnerability in the Ningyuanda TC155 IP Camera firmware version 57.0.2.0. It affects the RTSP (Real Time Streaming Protocol) service running on port 554. An attacker on the local network can send a malformed RTSP DESCRIBE request to the camera, causing it to enter a fault state and automatically reboot. This reboot disrupts the video streaming temporarily, resulting in a repeatable denial-of-service condition without requiring authentication. [1, 3]

Impact Analysis

This vulnerability can impact you by causing temporary loss of video feed from the affected IP camera. An attacker within the local network can repeatedly trigger the camera to reboot by sending malformed RTSP requests, resulting in denial of service and disruption of the camera's streaming functionality. This can affect surveillance and monitoring capabilities relying on the camera. [1, 3]

Detection Guidance

This vulnerability can be detected by monitoring for the presence of the RTSP service running on port 554 on the Ningyuanda TC155 IP Camera firmware version 57.0.2.0. Specifically, you can check if the device responds to RTSP DESCRIBE requests. A malformed RTSP DESCRIBE request sent to the device causes it to reboot, which can be used as a detection method. For detection, you can use network scanning tools to identify devices with port 554 open, for example: `nmap -p 554 <target-ip>`. To test the vulnerability, sending a malformed RTSP DESCRIBE request to the device can confirm if it is vulnerable, but this will cause a denial of service (reboot). Example command using `curl` or `rtsp` client tools might be crafted accordingly, but no exact commands are provided in the resources. [1, 3]

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected device's RTSP service to trusted hosts only, ensuring that only local network users can reach port 554. Since the vulnerability requires local network access, segmenting the network or applying firewall rules to block unauthorized access to the device can reduce risk. There are no known patches or vendor responses available, so replacing the affected product with an alternative device is suggested. Monitoring the device for unexpected reboots and limiting exposure of the RTSP service are recommended interim measures. [3, 1]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14747. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart