CVE-2025-14748
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-12-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-14748
EUVD
EUVD-2025-203495
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
shenzhenningyuandatechnology tc155_firmware 57.0.2.0
shenzhenningyuandatechnology tc155 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Ningyuanda TC155 IP Camera's ONVIF Device Management Service, specifically in the /onvif/device_service endpoint. An attacker on the local network can manipulate the FactoryDefault argument by setting it to "Hard" in the SetSystemFactoryDefault function, which causes an unauthorized factory reset of the device. This happens due to improper access control, allowing the reset without authentication. [2, 3]


How can this vulnerability impact me? :

Exploitation of this vulnerability allows an attacker on the local network to perform an unauthorized factory reset of the affected IP camera. This results in loss of all configurations and temporary unavailability of the device, impacting the device's integrity and availability. No credentials are required, making it easy to exploit and potentially disruptive to operations relying on the camera. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be performed by monitoring network traffic for unauthorized requests to the /onvif/device_service endpoint, specifically looking for SOAP or HTTP requests invoking the SetSystemFactoryDefault action with the FactoryDefault parameter set to "Hard". Network scanning tools or custom scripts can be used to detect such requests. For example, using curl to test the endpoint: curl -X POST http://<camera_ip>/onvif/device_service -d '<SOAP-ENV:Envelope>...<SetSystemFactoryDefault><FactoryDefault>Hard</FactoryDefault></SetSystemFactoryDefault>...</SOAP-ENV:Envelope>' and observing if the device resets. Additionally, network intrusion detection systems (NIDS) can be configured to alert on such patterns. [2, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the local network segment where the affected cameras reside to trusted users only, as exploitation requires local network access. Since no vendor patch or mitigation is currently available, consider isolating the device from untrusted network segments and monitoring for suspicious activity targeting the /onvif/device_service endpoint. Ultimately, replacing the affected product with a secure alternative is recommended. [2, 3]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart