722 matches found
Sony IP Cameras Cross-Site Request Forgery (CVE-2013-3539)
Cross-site request forgery CSRF vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for...
📄 Xiongmai XM530 ONVIF / RTSP Security Scanner
This project is a unified PHP-based security scanner designed to identify critical vulnerabilities in IP cameras, with a primary focus on ONVIF authentication bypass CVE-2025-65856 and unauthenticated RTSP stream exposure. The tool provides a single-file web interface that allows scanning a singl...
CVE-2026-0855 Merit LILIN|IP Camera - OS Command Injection
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...
CVE-2016-2356
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password...
CVE-2016-2359
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource...
CVE-2016-2360
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations...
Vatilon-based IP Cameras Authentication Bypass / Credential Exposure
Vatilon-based IP camera firmware contains an authentication bypass and plaintext credential exposure vulnerability in the /cgi-bin/web.cgi API. The web interface processes requests containing username and password parameters in plaintext without validating authentication state or session context,...
CVE-2025-65857
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...
VulnCheck KEV: CVE-2018-10661
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control...
CVE-2025-53702
Vilar VS-IPC1002 IP cameras are vulnerable to DoS Denial-of-Service attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...
CVE-2025-53702
Vilar VS-IPC1002 IP cameras are vulnerable to DoS Denial-of-Service attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...
EUVD-2025-35685
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS Cross-site Scripting attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...
EUVD-2021-10774
Malware in sbrugna...
EUVD-2013-2522
Malware in sbrugna...
EUVD-2018-19241
Malware in sbrugna...
EUVD-2016-3441
Malware in sbrugna...
EUVD-2019-4978
Malware in sbrugna...
EUVD-2016-3443
Malware in sbrugna...
EUVD-2018-2729
Malware in sbrugna...
EUVD-2018-2735
Malware in sbrugna...