CVE-2025-24852
📋 TL;DR
This vulnerability in CHOCO TEI WATCHER mini cameras allows attackers who gain physical access to the device's microSD card to recover stored login passwords. All versions of the IB-MCT001 model are affected, potentially compromising camera security and surveillance integrity.
💻 Affected Systems
- CHOCO TEI WATCHER mini (IB-MCT001)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain administrative credentials, gain full control of surveillance cameras, disable recording, manipulate footage, or use cameras as network footholds.
Likely Case
Local attackers with physical access extract passwords to compromise individual cameras, potentially accessing live feeds or stored recordings.
If Mitigated
With proper physical security controls preventing microSD card access, the vulnerability cannot be exploited despite its presence.
🎯 Exploit Status
Exploitation requires physical access to extract and analyze microSD card contents; no remote exploitation possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None
Vendor Advisory: https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
Restart Required: No
Instructions:
No official patch exists. Vendor recommends physical security measures and monitoring for firmware updates.
🔧 Temporary Workarounds
Physical Security Enhancement
allSecure cameras in tamper-resistant enclosures to prevent physical access to microSD cards.
Remove microSD Cards
allIf local storage not required, remove microSD cards entirely to eliminate attack vector.
🧯 If You Can't Patch
- Implement strict physical access controls to camera locations
- Monitor camera logs for unauthorized access attempts and review footage regularly
🔍 How to Verify
Check if Vulnerable:
Check device model is IB-MCT001; all versions are vulnerable. No technical verification needed beyond model identification.Check Version:
Check device label or web interface for model IB-MCT001Verify Fix Applied:
No fix available to verify; monitor vendor communications for firmware updates.📡 Detection & Monitoring
Log Indicators:
- Failed login attempts from new locations
- Configuration changes without authorization
Network Indicators:
- Unusual camera network traffic patterns
- Connections from unexpected IP addresses
SIEM Query:
DeviceType="Camera" AND (EventType="Authentication Failure" OR EventType="Configuration Change")🔗 References
- https://jvn.jp/en/vu/JVNVU91154745/
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04
- https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
- https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording
