Ningyuanda TC155 ONVIF Device Management Service device_service access control

5.3 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-14748

Source VulDB

Published Dec 16, 2025 at 03:02

Affected Product

Vendor Ningyuanda

Product TC155

Version 57.0.2.0

Affected Versions Ningyuanda TC155 57.0.2.0

CWE Classification

CWE-284 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-16T03:02:08.269Z",
    "modified": "2025-12-16T03:02:08.269Z",
    "type": "cve",
    "title": "Ningyuanda TC155 ONVIF Device Management Service device_service access control",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336521\nhttps://vuldb.com/?ctiid.336521\nhttps://vuldb.com/?submit.707197\nhttps://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-Hard-Reset.md",
    "id": "CVE-2025-14748",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Ningyuanda TC155 57.0.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TC155",
    "version": "57.0.2.0",
    "vendor": "Ningyuanda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ningyuanda TC155 ONVIF Device Management Service device_service access control_CVE-2025-14748