CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

CVE-2025-69986

The CVE describes a buffer overflow in the ONVIF GetStreamUri function of LSC Indoor Camera v7.6.32. The application fails to validate the Protocol parameter length inside the Transport element; a crafted SOAP request with an oversized protocol string can overflow a stack buffer and overwrite the...

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

EUVD-2025-204759

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

PT-2025-52721

Name of the Vulnerable Software and Affected Versions Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 Description The GetStreamUri function exposes RTSP URIs that include hardcoded credentials, allowing unauthorized access to direct video streams. The affected devi...

Design/Logic Flaw

Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service crash and reboot via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method...

CVE-2018-20050

Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service crash and reboot via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method...

CVE-2018-19078

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password...

Default credentials

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password...

CVE-2018-19078

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password...

CVE-2018-19078

The CVE-2018-19078 entry concerns Foscam Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue is an information disclosure: the ONVIF media GetStreamUri response contains the administrator username and password. This is documented in CNVD-2018-22818 and echoed...

ONVIF Stream URI

Nessus was able to retrieve the remote devices video stream URIs by sending GetProfiles and GetStreamUri ONVIF requests. include"compat.inc"; if description scriptid104275; scriptversion"$Revision: 1.1 $"; scriptcvsdate"$Date: 2017/10/31 18:41:24 $"; scriptnameenglish:"ONVIF Stream URI";...