CVE-2020-25747

CRITICAL

Rubetek RV-3406, RV-3409, and RV-3411 Firmware v339, v342 - Unauthenticated Access to RTSP and ONVIF Services

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25747. PoCs published by jet-pentest.

AI-analyzed exploit summary: This repository contains a writeup describing CVE-2020-25747, an incorrect access control vulnerability in Rubetek cameras (RV-3406, RV-3409, RV-3411) that allows unauthenticated access to RTSP and ONVIF services. No exploit code is provided, only a detailed description of the vulnerability and its impact.

Description

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.

Exploits (1)

nomisec WRITEUP 1 stars
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2020-25747


Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Rubetek RV-3406, RV-3409, RV-3411 cameras (firmware v339, v342)
Authentication: No auth needed
Prerequisites: Network access to the affected camera
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory (x_refsource_misc): https://github.com/jet-pentest/CVE-2020-25747

Scores

CVSS v3: 9.4
EPSS: 0.0183
EPSS Percentile: 76.0%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Details

CWE: CWE-306
Status: published
Products (6)
rubetek/rv-3406_firmware 339
rubetek/rv-3406_firmware 342
rubetek/rv-3409_firmware 339
rubetek/rv-3409_firmware 342
rubetek/rv-3411_firmware 339
rubetek/rv-3411_firmware 342
Published: Sep 25, 2020
Tracked Since: Feb 18, 2026