CVE-2025-14747
BaseFortify
Publication date: 2025-12-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shenzhenningyuandatechnology | tc155_firmware | 57.0.2.0 |
| shenzhenningyuandatechnology | tc155 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14747 is a denial of service (DoS) vulnerability in the Ningyuanda TC155 IP Camera firmware version 57.0.2.0. It affects the RTSP (Real Time Streaming Protocol) service running on port 554. An attacker on the local network can send a malformed RTSP DESCRIBE request to the camera, causing it to enter a fault state and automatically reboot. This reboot disrupts the video streaming temporarily, resulting in a repeatable denial-of-service condition without requiring authentication. [1, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by causing temporary loss of video feed from the affected IP camera. An attacker within the local network can repeatedly trigger the camera to reboot by sending malformed RTSP requests, resulting in denial of service and disruption of the camera's streaming functionality. This can affect surveillance and monitoring capabilities relying on the camera. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for the presence of the RTSP service running on port 554 on the Ningyuanda TC155 IP Camera firmware version 57.0.2.0. Specifically, you can check if the device responds to RTSP DESCRIBE requests. A malformed RTSP DESCRIBE request sent to the device causes it to reboot, which can be used as a detection method. For detection, you can use network scanning tools to identify devices with port 554 open, for example: `nmap -p 554 <target-ip>`. To test the vulnerability, sending a malformed RTSP DESCRIBE request to the device can confirm if it is vulnerable, but this will cause a denial of service (reboot). Example command using `curl` or `rtsp` client tools might be crafted accordingly, but no exact commands are provided in the resources. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected device's RTSP service to trusted hosts only, ensuring that only local network users can reach port 554. Since the vulnerability requires local network access, segmenting the network or applying firewall rules to block unauthorized access to the device can reduce risk. There are no known patches or vendor responses available, so replacing the affected product with an alternative device is suggested. Monitoring the device for unexpected reboots and limiting exposure of the RTSP service are recommended interim measures. [3, 1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.