CVE-2025-24517
📋 TL;DR
A client-side authentication vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) allows remote attackers to obtain the product's login password without authentication. This affects all versions of the device, potentially compromising camera security and surveillance systems.
💻 Affected Systems
- CHOCO TEI WATCHER mini (IB-MCT001)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to cameras, enabling remote surveillance, disabling recording, or using devices as network footholds for lateral movement.
Likely Case
Unauthorized access to camera feeds and settings, potentially disrupting production line monitoring and security operations.
If Mitigated
Limited impact if devices are isolated in segmented networks with strict access controls and monitoring.
🎯 Exploit Status
The vulnerability allows password extraction without authentication, making exploitation straightforward once identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
Restart Required: No
Instructions:
No official patch exists. Follow workarounds and mitigation steps below.
🔧 Temporary Workarounds
Network Segmentation
allIsolate cameras in dedicated VLANs with strict firewall rules preventing external access.
Access Control Lists
allImplement IP-based restrictions allowing only authorized management systems to communicate with cameras.
🧯 If You Can't Patch
- Deploy network monitoring to detect unusual authentication attempts or password extraction patterns.
- Consider replacing vulnerable devices with patched alternatives if available from vendor.
🔍 How to Verify
Check if Vulnerable:
Check device model and firmware version via web interface or documentation. All IB-MCT001 devices are vulnerable.Check Version:
Access device web interface and check system information page.Verify Fix Applied:
No fix available to verify. Verify workarounds by testing network isolation and access controls.📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts from unexpected IPs
- Multiple failed login attempts followed by successful access
Network Indicators:
- HTTP requests to authentication endpoints from unauthorized sources
- Unusual outbound traffic from cameras
SIEM Query:
source_ip IN (camera_ips) AND (http_uri CONTAINS 'login' OR http_uri CONTAINS 'auth') AND NOT dest_ip IN (authorized_management_ips)🔗 References
- https://jvn.jp/en/vu/JVNVU91154745/
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04
- https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
- https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording
