17 matches found

EUVD
added 2025/12/23 12:30 a.m. | 2 views

EUVD-2025-204759

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

CVSS 7.5 | AI score 9.4 | EPSS 0.00072
Exploits: 3 | References: 4

OSV
added 2025/12/22 10:16 p.m. | 2 views

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

CVSS 7.5 | AI score 5.8 | EPSS 0.00072
Exploits: 3 | References: 3

Cvelist
added 2025/12/22 12:0 a.m. | 25 views

CVE-2025-65856

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical...

EPSS 0.00465
Exploits: 4 | References: 3

Cvelist
added 2025/12/20 12:41 a.m. | 13 views

CVE-2025-8065 Remote Code Execution via Stack-based Buffer Overflow in ONVIF SOAP Parser in TP-Link Tapo C200 and C520WS

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP reque...

CVSS 8.7 | EPSS 0.00079
Exploits: 0 | References: 5

Positive Technologies
added 2025/12/20 12:0 a.m. | 2 views

PT-2025-52533

Name of the Vulnerable Software and Affected Versions: Tapo C200 V3 (affected versions not specified). Description: A buffer overflow exists in the ONVIF XML parser. An attacker on the same local network can send specially crafted SOAP XML requests, leading to memory overflow and a device crash,...

CVSS 8.7 | AI score 6.7 | EPSS 0.00079
Exploits: 0 | References: 13

The Hacker News
added 2025/07/30 1:1 p.m. | 7 views

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. "The flaws, affecting the device's ONVIF protocol and file upload handlers, allow...

CVSS 8.1 | AI score 8.7 | EPSS 0.00861
Exploits: 1

Zero Day Initiative
added 2025/04/09 12:0 a.m. | 6 views

(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology TC500 cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ONVIF protocol. The issue results from the la...

CVSS 8.8 | AI score 7.2 | EPSS 0.05524
Exploits: 0 | References: 1

OSV
added 2024/05/03 3:16 a.m. | 2 views

CVE-2023-51625

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...

CVSS 8 | AI score 6.2
Exploits: 0 | References: 2

OSV
added 2024/05/03 3:16 a.m. | 0 views

CVE-2023-51627

D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...

CVSS 8 | AI score 6.3 | EPSS 0.01228
Exploits: 0 | References: 2

CNNVD
added 2024/05/03 12:0 a.m. | 5 views

D-Link DCS-8300LHV2 Security Vulnerability

D-Link DCS-8300LHV2 is a webcam from China AUO D-Link. A security vulnerability exists in the D-Link DCS-8300LHV2 that stems from a remote code execution vulnerability in the ONVIF SetSystemDateAndTime command injection...

CVSS 8 | AI score 8.4 | EPSS 0.00556
Exploits: 0 | References: 3

CNNVD
added 2024/05/03 12:0 a.m. | 2 views

D-Link DCS-8300LHV2 Security Vulnerability

D-Link DCS-8300LHV2 is a webcam from China AUO D-Link. A security vulnerability exists in the D-Link DCS-8300LHV2 that stems from an ONVIF SetHostName stack-based buffer overflow remote code execution vulnerability...

CVSS 8 | AI score 8.5 | EPSS 0.01024
Exploits: 0 | References: 3

OSV
added 2022/06/28 2:15 p.m. | 0 views

CVE-2022-30563

When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, he can log in to the device by replaying the user's login packet...

CVSS 7.4 | AI score 7.3
Exploits: 0 | References: 1

Prion
added 2020/08/21 3:15 p.m. | 10 views

Authentication flaw

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issu...

CVSS 10 | AI score 9.4 | EPSS 0.00461
Exploits: 1 | References: 2

OSV
added 2019/07/03 8:15 p.m. | 1 views

CVE-2017-8227

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification which...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 3

CNVD
added 2018/05/07 12:0 a.m. | 1 views

Onvif protocol anonymous access vulnerability in yestv cameras

The Yestv camera is a wireless network Wi-Fi smart monitor. Yestv cameras have an anonymous access vulnerability in the ONVIF protocol. The vulnerability arises because the ONVIF protocol interface can be called to arbitrarily modify the network configuration and arbitrarily reboot the device; the attacker can write a messa...

AI score 7.1
Exploits: 0

OSV
added 2018/03/28 5:29 p.m. | 1 views

CVE-2017-11510

An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request...

CVSS 9.8 | AI score 5.8 | EPSS 0.00948
Exploits: 1 | References: 1

CNVD
added 2017/06/09 12:0 a.m. | 1 views

Foscam camera ONVIF SetHostname Stored Cross-Site Scripting Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly via WIFI. A stored cross-site scripting vulnerability exists in Foscam camera ONVIF SetHostname. An unauthenticated attacker is able to trigger a persistent cross-site scripting attack...

AI score 6.3
Exploits: 0 | References: 1