CVE-2025-14749
BaseFortify
Publication date: 2025-12-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shenzhenningyuandatechnology | tc155_firmware | 57.0.2.0 |
| shenzhenningyuandatechnology | tc155 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The improper access control lets an unauthenticated attacker on the local network manipulate the camera's PTZ functions, affecting the confidentiality, integrity and availability of the device. Unauthorized access and control of this kind can amount to a violation of data protection and privacy regulations such as GDPR and HIPAA, which require that personal data be safeguarded and that access controls be enforced. The lack of vendor response and the absence of mitigations further increase the compliance risk. [2, 3]
Can you explain this vulnerability to me?
CVE-2025-14749 is an access control vulnerability in the Ningyuanda TC155 IP camera's ONVIF PTZ Control Interface, specifically in the /onvif/device_service endpoint. The vulnerability allows an attacker on the local network to send PTZ (pan-tilt-zoom) control commands without any authentication or access restrictions. This means an attacker can remotely control the camera's orientation and movements without needing credentials, due to improper access control in the firmware. [2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker on the same local network to take full remote control of the camera's PTZ functions without authentication. The attacker can manipulate the camera's orientation persistently, potentially redirecting or suppressing its field of view, bypassing surveillance coverage, or causing continuous disorientation of the device. This compromises the confidentiality, integrity, and availability of the device and its surveillance capabilities. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for unauthenticated SOAP requests to the /onvif/device_service endpoint of the Ningyuanda TC155 IP camera, in particular PTZ control operations such as ContinuousMove. To verify whether a device is affected, a SOAP client or curl can send a test request to its /onvif/device_service endpoint without credentials: if the camera accepts the PTZ command (responds normally or moves), the vulnerability is present. [2, 3]
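A detection routine for the traffic pattern described above, added here as an example and not part of the BaseFortify record or any vendor tooling: it inspects captured HTTP requests (constructed samples embedded below) and reports PTZ SOAP calls to /onvif/device_service that carry neither an HTTP Authorization header nor a WS-Security UsernameToken. The ONVIF, SOAP and WS-Security namespaces are the standard ones; the sample host address and profile token are made up.

```python
import xml.etree.ElementTree as ET

# Namespaces used in ONVIF SOAP traffic: SOAP 1.2 envelope, WS-Security, PTZ service (ver20).
SOAP = "{http://www.w3.org/2003/05/soap-envelope}"
WSSE = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}"
PTZ = "{http://www.onvif.org/ver20/ptz/wsdl}"

def inspect_request(raw):
    """For a PTZ SOAP call to /onvif/device_service return {'op', 'authenticated'}, else None."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _ = request_line.split(" ", 2)
    if method != "POST" or path.split("?")[0] != "/onvif/device_service":
        return None
    try:
        env = ET.fromstring(body)
    except ET.ParseError:
        return None  # not SOAP; nothing for this check to say
    soap_body = env.find(SOAP + "Body")
    if soap_body is None or len(soap_body) == 0 or not soap_body[0].tag.startswith(PTZ):
        return None
    # Credentials may travel as an HTTP Authorization header (e.g. Digest) or as a
    # WS-Security UsernameToken in the SOAP header; a PTZ call with neither is the signal.
    http_auth = any(h.lower().startswith("authorization:") for h in header_lines)
    token = env.find(f"{SOAP}Header/{WSSE}Security/{WSSE}UsernameToken")
    return {"op": soap_body[0].tag[len(PTZ):], "authenticated": http_auth or token is not None}

def find_unauthenticated_ptz(captures):
    """(index, operation) for every PTZ call in the captures that carried no credentials."""
    hits = []
    for i, raw in enumerate(captures):
        info = inspect_request(raw)
        if info and not info["authenticated"]:
            hits.append((i, info["op"]))
    return hits

def _capture(header_xml, body_xml):  # minimal HTTP+SOAP framing for the constructed samples
    return ("POST /onvif/device_service HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"
            '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">'
            f"<s:Header>{header_xml}</s:Header><s:Body>{body_xml}</s:Body></s:Envelope>")

MOVE = ('<tptz:ContinuousMove xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl">'
        "<tptz:ProfileToken>profile_1</tptz:ProfileToken></tptz:ContinuousMove>")
TOKEN = (f'<wsse:Security xmlns:wsse="{WSSE[1:-1]}"><wsse:UsernameToken>'
         "<wsse:Username>admin</wsse:Username></wsse:UsernameToken></wsse:Security>")
INFO = '<tds:GetDeviceInformation xmlns:tds="http://www.onvif.org/ver10/device/wsdl"/>'
# Constructed captures: [0] PTZ move without credentials, [1] the same move with a
# UsernameToken, [2] a non-PTZ device call. Only [0] should be reported.
SAMPLE_CAPTURES = [_capture("", MOVE), _capture(TOKEN, MOVE), _capture("", INFO)]
```

Feed the same function the request bodies extracted from a packet capture or a reverse-proxy log in front of the camera; anything it reports is a PTZ command the device would have executed without credentials.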
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include isolating the affected Ningyuanda TC155 IP cameras on a separate VLAN or network segment to restrict local network access, disabling ONVIF PTZ control if possible, and monitoring for unauthorized PTZ commands. Since no official patch or fix is available and the vendor did not respond, replacing the affected devices with secure alternatives is recommended to fully mitigate the risk. [2]