1. EXECUTIVE SUMMARY
- CVSS v4 7.0
- ATTENTION: Low attack complexity
- Vendor: iCam365
- Equipment: P201 and QC021
- Vulnerabilities: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following iCam365 camera model is affected:
- ROBOT PT Camera P201: Versions 43.4.0.0 and prior
- Night Vision Camera QC021: Versions 43.4.0.0 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 Missing Authentication for Critical Function CWE-306
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
CVE-2025-64770 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).
A CVSS v4 score has also been calculated for CVE-2025-64770. A base score of 7.0 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N).
3.2.2 Missing Authentication for Critical Function CWE-306
The affected product allows unauthenticated access to R
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: