CVE-2025-6524

LOW

70mai 1S <20250611 - Improper Authentication

Title source: llm

Description

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry

https://vuldb.com/?id.313641

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.313641

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.595444

Various Sources exploit

https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream

View Writeup ZIP pw:eip

Scores

CVSS v3 3.1

EPSS 0.0007

EPSS Percentile 22.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (1)

70mai/1S 20250611

Published Jun 23, 2025

Tracked Since Feb 18, 2026