CVE-2020-25748
Severity CVSS v4.0:
Pending analysis
Type:
CWE-319
Cleartext Transmission of Sensitive Information
Publication date:
25/09/2020
Last modified:
08/10/2020
Description
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:rubetek:rv-3406_firmware:339:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rubetek:rv-3406_firmware:342:*:*:*:*:*:*:* | ||
| cpe:2.3:h:rubetek:rv-3406:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rubetek:rv-3409_firmware:339:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rubetek:rv-3409_firmware:342:*:*:*:*:*:*:* | ||
| cpe:2.3:h:rubetek:rv-3409:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rubetek:rv-3411_firmware:339:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rubetek:rv-3411_firmware:342:*:*:*:*:*:*:* | ||
| cpe:2.3:h:rubetek:rv-3411:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page