
Ningyuanda TC155 CVE-2025-14747

LOW
Improper Resource Shutdown or Release (CWE-404)
2025-12-16 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 01:38 vuln.today

Description (CVE.org)

A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. The attack must originate from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Denial of service in Ningyuanda TC155 firmware 57.0.2.0 via malformed RTSP requests to an unauthenticated RTSP service allows local network attackers to crash or degrade the device without authentication. Publicly available exploit code exists; the vendor did not respond to early disclosure notification. CVSS score of 2.1 reflects the low severity due to limited attack surface (local network only) and availability impact alone, but real-world risk depends on device deployment context and exposure to untrusted local networks.

Technical Context (AI)

The TC155 is an IoT device running firmware version 57.0.2.0 that includes an RTSP (Real Time Streaming Protocol) service. The vulnerability exists in an unknown function within the RTSP service component and is triggered by crafted or malformed RTSP protocol messages, specifically malformed DESCRIBE requests as indicated by the public advisory. CWE-404 (Improper Resource Shutdown or Release) suggests the RTSP service fails to properly release or shut down a resource when handling unexpected input, leading to a crash or resource exhaustion condition. The affected product is identified by CPE cpe:2.3:o:shenzhenningyuandatechnology:tc155_firmware:57.0.2.0, indicating this is a firmware-level vulnerability on the Ningyuanda TC155 device.

Remediation (AI)

No vendor-released patch has been identified; the vendor did not respond to early disclosure notification. Immediate mitigation options include:

(1) Network segmentation: isolate TC155 devices to trusted VLANs and restrict adjacent network access using ACLs, blocking untrusted local access to the RTSP service port (typically 554).
(2) Disable the RTSP service if it is not required for device operation, via device configuration or firmware settings.
(3) Monitor for unexpected RTSP traffic patterns or service crashes using a network-based IDS or device health checks.
(4) Contact Ningyuanda directly to request a patched firmware version and escalate the vendor response timeline.

Organizations unable to apply network controls should consider replacing the device with an alternative that receives active security support. Given the vendor's non-responsiveness, firmware updates may not be forthcoming; the long-term mitigation strategy should assume this device will not receive a fix.
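A device health check of the kind mitigation (3) calls for, as an added example that is not from the advisory or the vendor: it sends a well-formed RTSP OPTIONS request and reports when a previously responsive service stops answering. The function names, state labels and the two-probe threshold are assumptions of this example.

```python
import socket

def build_options(host, port=554, cseq=1):
    # Well-formed RTSP/1.0 OPTIONS request, used only as a liveness probe.
    return (f"OPTIONS rtsp://{host}:{port}/ RTSP/1.0\r\n"
            f"CSeq: {cseq}\r\n"
            "User-Agent: rtsp-healthcheck\r\n\r\n").encode("ascii")

def parse_status(data):
    # Return the status code from an RTSP/1.0 status line, else None.
    parts = data.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) >= 2 and parts[0] == b"RTSP/1.0" and parts[1].isdigit():
        return int(parts[1])
    return None

def probe(host, port=554, timeout=3.0):
    # 'down': no TCP service; 'hung': accepts but never answers;
    # 'garbled': answers with non-RTSP data; 'up': any RTSP status (even 401).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "down"
    with sock:
        try:
            sock.sendall(build_options(host, port))
            data = sock.recv(4096)
        except socket.timeout:
            return "hung"
        except OSError:
            return "down"
    if not data:
        return "down"
    return "up" if parse_status(data) is not None else "garbled"

def crash_events(states, threshold=2):
    # Indices where `threshold` consecutive non-'up' probes follow an 'up' one,
    # so a single lost reply does not raise an alert.
    events, run, seen_up = [], 0, False
    for i, state in enumerate(states):
        if state == "up":
            seen_up, run = True, 0
        else:
            run += 1
            if seen_up and run == threshold:
                events.append(i)
    return events

if __name__ == "__main__":
    history = ["up", "up", "hung", "up", "down", "down", "down"]  # constructed
    print(crash_events(history))
```

Run `probe()` on a schedule from a host inside the device VLAN and feed the results to `crash_events()`; a 'hung' or 'down' run that follows 'up' is the signal to correlate with IDS logs for that segment.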
