CVE-2020-25749
CRITICAL
Rubetek RV-3406, RV-3409, RV-3411 Firmware v339, v342 - Use of Hard-coded Credentials in Telnet Service
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-25749. PoCs published by jet-pentest.
AI-analyzed exploit summary
This repository contains a writeup describing CVE-2020-25749, a hard-coded credentials vulnerability in Rubetek cameras (RV-3406, RV-3409, RV-3411) running firmware versions v339 and v342. The vulnerability allows remote attackers to gain root access via Telnet using static credentials.
Description
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H