CVE-2020-25748
Last modified
CVE-2020-25748 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. EPSS estimates a 0.84% chance of exploitation in the next 30 days.
Description
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rubetek | Rv-3406 Firmware | 339 |
| Rubetek | Rv-3406 Firmware | 342 |
| Rubetek | Rv-3409 Firmware | 339 |
| Rubetek | Rv-3409 Firmware | 342 |
| Rubetek | Rv-3411 Firmware | 339 |
| Rubetek | Rv-3411 Firmware | 342 |
References
- https://github.com/jet-pentest/CVE-2020-25748Third Party Advisory
- https://github.com/jet-pentest/CVE-2020-25748Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-25748?
How severe is CVE-2020-25748?
How do I fix CVE-2020-25748?
Are you affected by CVE-2020-25748?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST