Vulnerability Description
A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and different names.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Noyafa | Lf9 Pro Firmware | <= 2025-06-11 |
| Noyafa | Lf9 Pro | - |
Related Weaknesses (CWE)
References
- https://github.com/geo-chen/LF9ExploitThird Party Advisory
- https://github.com/geo-chen/LF9?tab=readme-ov-file#finding-1-unauthenticated-accExploitThird Party Advisory
- https://vuldb.com/?ctiid.313651Permissions RequiredVDB Entry
- https://vuldb.com/?id.313651Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.595453Third Party AdvisoryVDB Entry
- https://github.com/geo-chen/LF9?tab=readme-ov-file#finding-1-unauthenticated-accExploitThird Party Advisory
FAQ
What is CVE-2025-6532?
CVE-2025-6532 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint....
How severe is CVE-2025-6532?
CVE-2025-6532 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6532?
Check the references section above for vendor advisories and patch information. Affected products include: Noyafa Lf9 Pro Firmware, Noyafa Lf9 Pro.