Vulnerability Description
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rubetek | Rv-3406 Firmware | 339 |
| Rubetek | Rv-3406 | - |
| Rubetek | Rv-3409 Firmware | 339 |
| Rubetek | Rv-3409 | - |
| Rubetek | Rv-3411 Firmware | 339 |
| Rubetek | Rv-3411 | - |
Related Weaknesses (CWE)
References
- https://github.com/jet-pentest/CVE-2020-25749 (Third Party Advisory)
FAQ
What is CVE-2020-25749?
CVE-2020-25749 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged acco...
How severe is CVE-2020-25749?
CVE-2020-25749 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-25749?
Check the references section above for vendor advisories and patch information. Affected products include: Rubetek Rv-3406 Firmware, Rubetek Rv-3406, Rubetek Rv-3409 Firmware, Rubetek Rv-3409, Rubetek Rv-3411 Firmware.