PT-2025-53358

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

PT-2025-53359

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...

PT-2025-53333

Name of the Vulnerable Software and Affected Versions Beward N100 H.264 VGA IP Camera version M2.1.6 Description The Beward N100 H.264 VGA IP Camera version M2.1.6 contains a cross-site request forgery issue. This allows attackers to perform administrative actions without proper validation of...

Beward N100 安全漏洞

Beward N100 is an IP camera from the Russian company Beward. A security vulnerability exists in Beward N100 version M2.1.6, which stems from a lack of proper request validation and could lead to a cross-site request forgery attack...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

EUVD-2025-204762

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical...

📄 GALAYOU G2 IP Camera Authentication Bypass

A critical authentication bypass vulnerability exists in the RTSP service of the GALAYOU G2 IP camera. The device exposes multiple RTSP stream endpoints that can be accessed without valid credentials, even when authentication is enabled...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

PT-2025-52682

Name of the Vulnerable Software and Affected Versions LSC Smart Connect Indoor IP Camera version 1.4.13 Description The LSC Smart Connect Indoor IP Camera version 1.4.13 contains a remote code execution issue in the start app.sh script. Recommendations At the moment, there is no information about...

LSC Smart Connect Indoor IP Camera 安全漏洞

LSC Smart Connect Indoor IP Camera is an indoor IP camera driver from LSC Smart Connect. A security vulnerability exists in LSC Smart Connect Indoor IP Camera version 1.4.13, which stems from a remote code execution vulnerability in startapp.sh...

Xiongmai XM530 安全漏洞

Xiongmai XM530 is a video surveillance camera from the Chinese company Xiongmai. A security vulnerability exists in the Xiongmai XM530 IP cameras Firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06, which stems from an authentication bypass, and could lead to unauthorized, remote...

PT-2025-52721

Name of the Vulnerable Software and Affected Versions Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 Description The GetStreamUri function exposes RTSP URIs that include hardcoded credentials, allowing unauthorized access to direct video streams. The affected devi...

CVE-2025-65817

CVE-2025-65817 : The LSC Smart Connect Indoor IP Camera (v1.4.13) exposes a remote code execution vulnerability in the start_app.sh script. CVSS v3.1 base score 8.8 (High) with adjacent attack vector, no privileges required, no user interaction, and impacts on confidentiality, integrity, and avai...

CVE-2025-14299

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-352-01 Inductive Automation Ignition ICSA-25-352-02 Schneider Electric EcoStruxure Foxboro DCS Advisor...

Axis Communications Camera Station Pro, Camera Station, and Device Manager (Update B)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code, executing a man-in-middle style attack, or bypass authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

CVE-2025-47387 Untrusted Pointer Dereference in Camera

Memory Corruption when processing IOCTLs for JPEG data without verification...