CVE-2020-25749

CRITICAL

Rubetek Rv-3406 Firmware - Hard-coded Credentials

Title source: rule

Description

The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.

Exploits (1)

nomisec WRITEUP 1 stars

by jet-pentest · poc

https://github.com/jet-pentest/CVE-2020-25749

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/jet-pentest/CVE-2020-25749

Scores

CVSS v3 9.8

EPSS 0.0394

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (6)

rubetek/rv-3406_firmware 339

rubetek/rv-3406_firmware 342

rubetek/rv-3409_firmware 339

rubetek/rv-3409_firmware 342

rubetek/rv-3411_firmware 339

rubetek/rv-3411_firmware 342

Published Sep 25, 2020

Tracked Since Feb 18, 2026