| عنوان | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Control |
|---|
| الوصف | The TC155 IP Camera exposes its ONVIF PTZ control interface without requiring any form of authentication. The PTZ service endpoint (/onvif/device_service) is active and accepts movement commands from any network peer.
An unauthenticated attacker on the same network segment can issue ContinuousMove actions against the camera’s PTZ motor. This allows repositioning the camera to redirect or suppress its field of view, bypass surveillance coverage, or force persistent disorientation of the device.
The vulnerability exists due to the firmware accepting PTZ SOAP requests without validating the requester’s identity or enforcing profile‑level capability checks. |
|---|
| المصدر | ⚠️ https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md |
|---|
| المستخدم | keroomi (UID 62127) |
|---|
| ارسال | 05/12/2025 11:52 AM (7 أشهر منذ) |
|---|
| الاعتدال | 15/12/2025 09:39 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 336522 [Ningyuanda TC155 57.0.2.0 ONVIF PTZ Control Interface /onvif/device_service تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|