CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVE-2025-12636 Ubia Ubox

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVE-2025-12636

The CVE-2025-12636 affects Ubia/NVR Ubia camera ecosystem (notably Ubia Ubox). Root cause: insufficient protection of API credentials, enabling an attacker to connect to backend services. Impact (per sources): unauthorized access to cameras, allowing viewing live feeds and potential modification ...

Ubia Ubox 安全漏洞

Ubia Ubox is an intelligent video surveillance device from China's Yuchuan Network Ubia. Ubia Ubox has a security vulnerability that stems from a failure to adequately protect API credentials, which could lead to unauthorized access to the camera and view live feeds or modify settings...

PT-2025-45388

Name of the Vulnerable Software and Affected Versions Ubia camera ecosystem affected versions not specified Description The Ubia camera ecosystem does not adequately secure API credentials, potentially allowing an attacker to connect to backend services. Successful exploitation could grant an...

D-Link DCS Cross-Site Forgery Request Vulnerability

D-Link DCS-933L and others are wireless surveillance camera devices from AUO D-Link. A security vulnerability exists in several D-Link DCS cameras. An attacker can exploit the vulnerability with the help of a specially crafted Flash file to retrieve information from Live Feeds or Camera, add new...

Cross site request forgery (csrf)

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to , thus accepting requests from any domain. If a...

CVE-2017-7852

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to , thus accepting requests from any domain. If a...

PT-2017-17954 · D Link · Dcs-932Lb1 +7

Name of the Vulnerable Software and Affected Versions: D-Link DCS-933L versions prior to 1.13.05 D-Link DCS-5030L D-Link DCS-5020L D-Link DCS-2530L D-Link DCS-2630L D-Link DCS-930L D-Link DCS-932L D-Link DCS-932LB1 Description: The issue allows sites hosting malicious Flash objects to access and/...

D-Link DCS Series Cameras - Insecure Crossdomain

Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on DCS-933L with firmware version 1.03. Other...

D-Link DCS Series Cameras - Insecure Crossdomain

D-Link DCS Series Cameras - Insecure Crossdomain Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on...