CVE-2025-14749
BaseFortify

Publication date: 2025-12-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-12-16
Last Modified: 2026-04-29
Generated: 2026-06-16
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
shenzhenningyuandatechnology | tc155_firmware | 57.0.2.0
shenzhenningyuandatechnology | tc155 | *
CWE ID | Description
CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Executive Summary

CVE-2025-14749 is an access control vulnerability in the Ningyuanda TC155 IP camera's ONVIF PTZ Control Interface, specifically in the /onvif/device_service endpoint. The vulnerability allows an attacker on the local network to send PTZ (pan-tilt-zoom) control commands without any authentication or access restrictions. This means an attacker can remotely control the camera's orientation and movements without needing credentials, due to improper access control in the firmware. [2, 3]

Impact Analysis

An attacker on the same local network can take full remote control of the camera's PTZ functions without authentication. The attacker can manipulate the camera's orientation persistently, potentially redirecting or suppressing its field of view, bypassing surveillance coverage, or causing continuous disorientation of the device. This compromises the confidentiality, integrity, and availability of the device and its surveillance capabilities. [2, 3]

Detection Guidance

This vulnerability can be detected by monitoring network traffic for unauthenticated SOAP requests to the /onvif/device_service endpoint of the Ningyuanda TC155 IP camera, specifically PTZ control commands such as ContinuousMove. Tools such as curl or a SOAP client can also be used to send test requests to the endpoint and check whether PTZ commands are accepted without authentication: if the camera responds or moves when a request carries no credentials, the device is vulnerable. [2, 3]
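One way to implement the traffic-monitoring check described above, as an added example (not code from the advisory or the vendor). It assumes HTTP requests have already been reassembled to text from a capture and that ONVIF credentials appear either as an HTTP Authorization header or as a WS-Security UsernameToken. The sample requests, the host 192.0.2.10 and the `urn:example:ptz` namespace are constructed.

```python
import re
import xml.etree.ElementTree as ET

ENDPOINT = "/onvif/device_service"   # path named in the advisory
PTZ_ACTIONS = {"ContinuousMove"}     # command named in the advisory; extend as needed
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def local(tag):
    return tag.rsplit("}", 1)[-1]    # '{ns}Body' -> 'Body'

def inspect_request(raw):
    """Return a finding for a PTZ request that carries no credentials, else None."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"POST\s+(\S+)\s+HTTP/", lines[0])
    if not m or m.group(1).split("?")[0] != ENDPOINT:
        return None
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    try:
        root = ET.fromstring(body)   # for hostile captures, prefer a hardened parser
    except ET.ParseError:
        return None
    soap_body = next((e for e in root if local(e.tag) == "Body"), None)
    if soap_body is None:
        return None
    actions = [local(e.tag) for e in soap_body if local(e.tag) in PTZ_ACTIONS]
    if not actions:
        return None
    # Presence of credentials is checked, not their validity.
    has_wsse = root.find(f".//{{{WSSE_NS}}}UsernameToken") is not None
    if "authorization" in headers or has_wsse:
        return None
    return {"action": actions[0], "host": headers.get("host", "?")}

def sample(action, wsse=False, http_auth=False):
    """Constructed, non-functional request text used only to exercise the detector."""
    sec = (f'<s:Header><w:Security xmlns:w="{WSSE_NS}"><w:UsernameToken/>'
           '</w:Security></s:Header>') if wsse else ""
    body = ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">'
            f'{sec}<s:Body><x:{action} xmlns:x="urn:example:ptz"/></s:Body></s:Envelope>')
    auth = 'Authorization: Digest username="u"\r\n' if http_auth else ""
    return (f"POST {ENDPOINT} HTTP/1.1\r\nHost: 192.0.2.10\r\n{auth}"
            f"Content-Type: application/soap+xml\r\n\r\n{body}")

def scan(requests):
    return [f for f in map(inspect_request, requests) if f]
```

A finding only shows that a credential-free PTZ request was sent; pair it with the device's response (a success rather than an authentication fault) before concluding the camera accepted it.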

Mitigation Strategies

Immediate mitigation steps include isolating the affected Ningyuanda TC155 IP cameras on a separate VLAN or network segment to restrict local network access, disabling ONVIF PTZ control if possible, and monitoring for unauthorized PTZ commands. Since no official patch or fix is available and the vendor did not respond, replacing the affected devices with secure alternatives is recommended to fully mitigate the risk. [2]

Compliance Impact

This vulnerability leads to improper access controls allowing unauthenticated local network attackers to manipulate the camera's PTZ functions, impacting confidentiality, integrity, and availability of the device. Such unauthorized access and control could result in violations of data protection and privacy regulations like GDPR and HIPAA, which require safeguarding personal data and ensuring secure access controls. The lack of vendor response and absence of mitigations further exacerbate compliance risks. [2, 3]
