All CISA Advisories, EN

Apeman Cameras

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to take control of the device or view camera feeds.

The following versions of Apeman Cameras are affected:

  • ID71 vers:all/* (CVE-2025-11126, CVE-2025-11851, CVE-2025-11852)
CVSS Vendor Equipment Vulnerabilities
v3 9.8 Apeman Apeman Cameras Insufficiently Protected Credentials, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Missing Authentication for Critical Function

Background

  • Critical Infrastructure Sectors: Commercial Facilities
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: China

Vulnerabilities

Expand All +

CVE-2025-11126

A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

View CVE Details

Affected Products

Apeman Cameras
Vendor:
Apeman
Product Version:
Apeman ID71: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
Apeman did not respond to CISAs request for coordination. Users are encouraged to reach out to Apeman for support https://apemans.com/pages/contactus

Relevant CWE: CWE-522 Insufficiently Protected Credentials

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-11851

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

View CVE Details

Affected Products

Apeman Cameras
Vendor:
Apeman
Product Version:
Apeman ID71: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
Apeman did not respond to CISAs request for coordination. Users are encouraged to reach out to Apeman for support https://apemans.com/pages/contactus

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article: