CVE-2025-14748 | Ningyuanda TC155 57.0.2.0 ONVIF Device Management Service /onvif/device_service FactoryDefault access control

A vulnerability, which was classified as critical, was found in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls.

This vulnerability is registered as CVE-2025-14748. The attack requires access to the local network. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14748 | Ningyuanda TC155 57.0.2.0 ONVIF Device Management Service /onvif/device_service FactoryDefault access control

Post correlati

CVE-2024-7216 | TOTOLINK LR1200 9.3.1cu.2832 /etc/shadow.sample hard-coded password

CVE-2024-1985 | Simple Membership Plugin up to 4.4.2 on WordPress cross site scripting

CVE-2025-12744 | ABRT up to 2.17.6 os command injection

CVE-2024-40494 | Keith Cullen FreeCoAP Packet coap_msg.c stack-based overflow