CVE-2020-25747

CRITICAL

Rubetek RV-3406 Firmware - Missing Authentication

Title source: rule

Description

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.

Exploits (1)

nomisec WRITEUP 1 stars
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2020-25747

Scores

CVSS v3 9.4
EPSS 0.0215
EPSS Percentile 84.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Details

CWE
CWE-306
Status published
Products (6)
rubetek/rv-3406_firmware 339
rubetek/rv-3406_firmware 342
rubetek/rv-3409_firmware 339
rubetek/rv-3409_firmware 342
rubetek/rv-3411_firmware 339
rubetek/rv-3411_firmware 342
Published Sep 25, 2020
Tracked Since Feb 18, 2026