4 matches found
EUVD-2026-36309
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed...
CVE-2019-25290
Smartliving SmartLAN/G/SI =6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through...
CVE-2019-25290
The CVE-2019-25290 entry documents an unauthenticated SSRF in Inim SmartLiving SmartLAN/G/SI (and G) via the GetImage endpoint, triggered by the host parameter in onvif.cgi. Affected software is SmartLAN/G/SI 6.x and earlier. The root cause is unvalidated/unchecked host input that allows external...
📄 Xiongmai XM530 IP Camera Hardcoded RTSP Credential Exposure
The GetStreamUri ONVIF endpoint in Xiongmai XM530-series IP cameras exposes RTSP URIs containing hardcoded credentials, enabling direct unauthorized access to live video streams. CVE-2025-65857 Xiongmai XM530 IP Camera Hardcoded RTSP Credentials Exposure --- Summary The GetStreamUri ONVIF endpoin...