CVE-2025-14748

5.4 MEDIUM

📋 TL;DR

This vulnerability in Ningyuanda TC155 57.0.2.0 allows attackers on the local network to perform unauthorized factory resets via the ONVIF Device Management Service. By manipulating the FactoryDefault argument with 'Hard' input, attackers can bypass access controls and reset the device to factory settings. This affects organizations using vulnerable TC155 devices on their networks.

💻 Affected Systems

Products:
  • Ningyuanda TC155
Versions: 57.0.2.0
Operating Systems: Embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with ONVIF Device Management Service enabled and accessible on local network.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device reset causing service disruption, loss of configuration, and potential device compromise requiring physical reconfiguration.

🟠 Likely Case: Unauthorized factory reset leading to service downtime and configuration loss requiring administrative intervention.

🟢 If Mitigated: No impact if proper network segmentation and access controls prevent local network access to vulnerable devices.

🌐 Internet-Facing: LOW - Attack requires local network access, not directly exploitable from the internet.
🏢 Internal Only: HIGH - Attackers on the local network can exploit this without authentication to disrupt device functionality.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires only a simple HTTP request to the /onvif/device_service endpoint with specific parameter manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions: No official patch is available. The vendor did not respond to disclosure. Consider workarounds or device replacement.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate TC155 devices on a separate VLAN or network segment to prevent unauthorized local network access.

Firewall Rules (applies to: all)

Block access to ONVIF service ports (typically 80, 443, 8080) from untrusted networks and devices.

🧯 If You Can't Patch

  • Physically isolate vulnerable devices on separate network segments
  • Implement strict network access controls and monitor for unauthorized reset attempts

🔍 How to Verify

Check if Vulnerable:

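Test whether an HTTP POST request to /onvif/device_service with the FactoryDefault=Hard parameter triggers a factory reset without authentication. A positive result wipes the device configuration, so run the test against a unit that can be reconfigured.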

Check Version:

Check device web interface or documentation for firmware version information.

Verify Fix Applied:

Verify that the same request fails or requires authentication after the network controls are in place.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected factory reset events
  • Unauthorized access to ONVIF endpoints
  • HTTP POST requests to /onvif/device_service with FactoryDefault parameter

Network Indicators:

  • HTTP traffic to device ONVIF service with reset parameters
  • Unusual device reconfiguration patterns

SIEM Query:

source_ip=* dest_ip=TC155_IP http_method=POST uri_path="/onvif/device_service" http_query="*FactoryDefault=Hard*"
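
A detector for the log indicators above, as an added example (not part of the original advisory or any vendor tooling). ONVIF requests are SOAP, so the FactoryDefault value normally travels in the POST body rather than the query string, and the check covers both forms. The JSON field names, the addresses and the management-subnet list are assumptions about a hypothetical HTTP sensor that captures request bodies.

```python
import ipaddress
import json
import re

ONVIF_PATH = "/onvif/device_service"
# Matches a FactoryDefault element set to Hard (any namespace prefix) in a
# captured body, or the FactoryDefault=Hard form used in the SIEM query.
RESET_RE = re.compile(
    r"<(?:\w+:)?FactoryDefault\s*>\s*Hard\s*<|FactoryDefault=Hard", re.I)

# Constructed sample records; field names and addresses are assumptions.
SAMPLE_LOG = "\n".join([
    '{"ts":"2025-01-01T10:00:00Z","src_ip":"10.20.0.5","dest_ip":"10.20.0.50",'
    '"method":"POST","uri_path":"/onvif/device_service","body":"<tds:GetDeviceInformation/>"}',
    '{"ts":"2025-01-01T10:05:00Z","src_ip":"10.20.7.99","dest_ip":"10.20.0.50","method":"POST",'
    '"uri_path":"/onvif/device_service","body":"...<tds:FactoryDefault>Hard</tds:FactoryDefault>..."}',
    '{"ts":"2025-01-01T10:06:00Z","src_ip":"10.20.0.5","dest_ip":"10.20.0.50","method":"POST",'
    '"uri_path":"/onvif/device_service","uri_query":"FactoryDefault=Hard","body":""}',
    '{"ts":"2025-01-01T10:07:00Z","src_ip":"10.20.7.99","dest_ip":"10.20.0.77","method":"POST",'
    '"uri_path":"/onvif/device_service","body":"...<FactoryDefault>Hard</FactoryDefault>..."}',
    'truncated {',
])


def find_reset_attempts(log_text, camera_ips, mgmt_nets):
    """Return one alert per logged factory-reset request sent to a camera."""
    cams = {ipaddress.ip_address(ip) for ip in camera_ips}
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    alerts = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src_ip"])
            dst = ipaddress.ip_address(rec["dest_ip"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        path = str(rec.get("uri_path", "")).split("?")[0].rstrip("/")
        if dst not in cams or rec.get("method") != "POST" or path != ONVIF_PATH:
            continue
        text = " ".join(str(rec.get(k, "")) for k in ("uri_path", "uri_query", "body"))
        if RESET_RE.search(text):
            # from_mgmt_net separates an operator action from an unknown host.
            alerts.append({"ts": rec.get("ts"), "src_ip": str(src), "dest_ip": str(dst),
                           "from_mgmt_net": any(src in n for n in nets)})
    return alerts
```

Alerts with `from_mgmt_net` set to False are the ones to escalate first; requests from the management subnet still merit a check against change records.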
