| Title | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Control |
|---|
| Description | The TC155 IP Camera exposes its ONVIF PTZ control interface without requiring any form of authentication. The PTZ service endpoint (/onvif/device_service) is active and accepts movement commands from any network peer.
An unauthenticated attacker on the same network segment can issue ContinuousMove actions against the camera’s PTZ motor. This allows repositioning the camera to redirect or suppress its field of view, bypass surveillance coverage, or force persistent disorientation of the device.
The vulnerability exists due to the firmware accepting PTZ SOAP requests without validating the requester’s identity or enforcing profile‑level capability checks. |
|---|
| Source | ⚠️ https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md |
|---|
| User | keroomi (UID 62127) |
|---|
| Submission | 12/05/2025 11:52 (6 months ago) |
|---|
| Moderation | 12/15/2025 21:39 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 336522 [Ningyuanda TC155 57.0.2.0 ONVIF PTZ Control Interface /onvif/device_service access control] |
|---|
| Points | 20 |
|---|