CVE-2020-25749

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
25/09/2020
Last modified:
08/10/2020

Description

The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:rubetek:rv-3406_firmware:339:*:*:*:*:*:*:*
cpe:2.3:o:rubetek:rv-3406_firmware:342:*:*:*:*:*:*:*
cpe:2.3:h:rubetek:rv-3406:-:*:*:*:*:*:*:*
cpe:2.3:o:rubetek:rv-3409_firmware:339:*:*:*:*:*:*:*
cpe:2.3:o:rubetek:rv-3409_firmware:342:*:*:*:*:*:*:*
cpe:2.3:h:rubetek:rv-3409:-:*:*:*:*:*:*:*
cpe:2.3:o:rubetek:rv-3411_firmware:339:*:*:*:*:*:*:*
cpe:2.3:o:rubetek:rv-3411_firmware:342:*:*:*:*:*:*:*
cpe:2.3:h:rubetek:rv-3411:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools