CVE-2020-25749
high-risk
Published 2020-09-25
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
Do I need to act?
3.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (6)
Rv-3406 Firmware
Rv-3406 Firmware
Rv-3409 Firmware
Rv-3409 Firmware
Rv-3411 Firmware
Rv-3411 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://github.com/jet-pentest/CVE-2020-25749
Third Party Advisory
https://github.com/jet-pentest/CVE-2020-25749
52 / 100
high-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
13/34 · Low