CVE Details
Basic Information
| Title | NOYAFA/Xiami LF9 Pro RTSP Live Video Stream Endpoint access control |
|---|---|
| Type | cve |
| Published | 2025-06-24T00:00:08.696Z |
| Last Seen |
Product Information
| Vendor | NOYAFA |
|---|---|
| Product | LF9 Pro |
| Version | 20250611 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in the RTSP Live Video Stream Endpoint of the NOYAFA/Xiami LF9 Pro dashcam allows unauthorized access to live video streams and recorded videos over the local network. |
|---|---|
| AI Severity | Medium |
| Vendor | F5 |
| Product | NOYAFA/Xiami LF9 Pro |
| Affected Version | 20250611 |
Affected Products
- NOYAFA LF9 Pro 20250611
- Xiami LF9 Pro 20250611
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-284, CWE-266 |
| Bulletin Family |
References
Description
A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and different names.