Login Sign Up

CVE-2025-14746

4.3 MEDIUM
Authentication Bypass

📋 TL;DR

This vulnerability allows unauthenticated access to the RTSP live video stream endpoint in Ningyuanda TC155 version 57.0.2.0. Attackers on the same local network can view live camera feeds without credentials. This affects organizations using this specific IoT device version for surveillance.

💻 Affected Systems

Products:
  • Ningyuanda TC155
Versions: 57.0.2.0
Operating Systems: Embedded/IoT OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the RTSP live video stream endpoint component. Requires device to be on a network with potential attackers.

📦 What is this software?

Tc155 Firmware by Shenzhenningyuandatechnology

View all CVEs affecting Tc155 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of surveillance privacy with unauthorized live video access, potential blackmail or reconnaissance for physical security breaches.

🟠

Likely Case

Unauthorized viewing of live camera feeds, privacy violation, potential recording of sensitive activities.

🟢

If Mitigated

Limited impact if network segmentation prevents local network access from untrusted devices.

🌐 Internet-Facing: LOW - Attack requires local network access according to description.
🏢 Internal Only: HIGH - Local network attackers can exploit without authentication, making internal threats significant.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit disclosed on GitHub, requires local network access. Simple authentication bypass technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider workarounds or replacement.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate TC155 devices on separate VLAN from general user networks

Firewall RTSP Port Blocking

linux

Block RTSP port (typically 554) access except from authorized monitoring systems

iptables -A INPUT -p tcp --dport 554 -j DROP
iptables -A INPUT -p udp --dport 554 -j DROP

🧯 If You Can't Patch

  • Physically isolate TC155 network segment with no other devices
  • Deploy network monitoring for RTSP traffic anomalies and unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to access RTSP stream without authentication from local network: rtsp://[device_ip]:554/live

Check Version:

Check device web interface or documentation for firmware version

Verify Fix Applied:

Verify authentication is required for RTSP stream access after implementing workarounds

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized RTSP connection attempts
  • Multiple failed authentication attempts to RTSP endpoint

Network Indicators:

  • RTSP traffic from unexpected source IPs
  • RTSP streams accessed without prior authentication

SIEM Query:

source_port=554 AND (NOT auth_success=true) OR (src_ip NOT IN authorized_monitoring_ips)

📊 Metadata

CVE ID: CVE-2025-14746
CVSS v3 Score: 4.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-287
EPSS Score: 0.16% exploit probability (37th percentile)
Published: December 16, 2025
Last Updated: December 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14746, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)