exploitDog

CVE-2025-65857

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

Ссылки

http://hangzhou.com
Permissions Required
http://ip.com
Not Applicable
https://luismirandaacebedo.github.io/CVE-2025-65857/
Exploit
Third Party Advisory
Mitigation

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:xiongmaitech:xm530v200_x6-weq_8m_firmware:5.00.r02.000807d8.10010.346624.s.onvif_21.06:*:*:*:*:*:*:*

cpe:2.3:h:xiongmaitech:xm530v200_x6-weq_8m:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

7.5 High

CVSS3

Дефекты

CWE-359

Связанные уязвимости

GHSA-3gw2-m37j-rx57

CVSS3: 7.5

github

около 2 месяцев назад

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

EPSS

Процентиль: 18%

0.00056

Низкий

7.5 High

CVSS3

Дефекты

CWE-359