Soumettre #707198: Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Controlinformation

TitreShenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Control
DescriptionThe TC155 IP Camera exposes its ONVIF PTZ control interface without requiring any form of authentication. The PTZ service endpoint (/onvif/device_service) is active and accepts movement commands from any network peer. An unauthenticated attacker on the same network segment can issue ContinuousMove actions against the camera’s PTZ motor. This allows repositioning the camera to redirect or suppress its field of view, bypass surveillance coverage, or force persistent disorientation of the device. The vulnerability exists due to the firmware accepting PTZ SOAP requests without validating the requester’s identity or enforcing profile‑level capability checks.
La source⚠️ https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md
Utilisateur
 keroomi (UID 62127)
Soumission05/12/2025 11:52 (il y a 7 mois)
Modérer15/12/2025 21:39 (10 days later)
StatutAccepté
Entrée VulDB336522 [Ningyuanda TC155 57.0.2.0 ONVIF PTZ Control Interface /onvif/device_service élévation de privilèges]
Points20

PrécédentAperçuSuivant

Do you need the next level of professionalism?

Upgrade your account now!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>