| 제목 | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Control |
|---|
| 설명 | The TC155 IP Camera exposes its ONVIF PTZ control interface without requiring any form of authentication. The PTZ service endpoint (/onvif/device_service) is active and accepts movement commands from any network peer.
An unauthenticated attacker on the same network segment can issue ContinuousMove actions against the camera’s PTZ motor. This allows repositioning the camera to redirect or suppress its field of view, bypass surveillance coverage, or force persistent disorientation of the device.
The vulnerability exists due to the firmware accepting PTZ SOAP requests without validating the requester’s identity or enforcing profile‑level capability checks. |
|---|
| 원천 | ⚠️ https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md |
|---|
| 사용자 | keroomi (UID 62127) |
|---|
| 제출 | 2025. 12. 05. AM 11:52 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 15. PM 09:39 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336522 [Ningyuanda TC155 57.0.2.0 ONVIF PTZ Control Interface /onvif/device_service 권한 상승] |
|---|
| 포인트들 | 20 |
|---|