Ningyuanda TC155 CVE-2025-14748
LOWSeverity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF Device Management Service allows unauthenticated local network attackers to trigger a factory reset by manipulating the FactoryDefault argument with 'Hard' input, resulting in information disclosure and configuration loss. Publicly available exploit code exists; vendor has not responded to disclosure attempts.
Technical ContextAI
The vulnerability resides in the ONVIF (Open Network Video Interface Forum) Device Management Service implementation within the TC155 firmware, specifically the /onvif/device_service endpoint. ONVIF is a standardized protocol for IP-based physical security products including cameras and network video recorders. The root cause is classified as CWE-266 (Incorrect Privilege Assignment), indicating the service accepts privileged operations (factory reset) without proper authentication or authorization checks. The FactoryDefault parameter, when set to 'Hard', triggers a full device reset that clears stored configuration and potentially sensitive data. The TC155 is a network video recorder/camera device manufactured by Shenzhen Ningyuanda Technology, running firmware version 57.0.2.0.
RemediationAI
No vendor-released patch is available; Shenzhen Ningyuanda Technology has not provided a firmware update for this vulnerability. Network-based mitigation is the primary control: restrict access to the TC155 device to trusted networks only by implementing network segmentation (place TC155 on isolated VLAN with access control lists limiting inbound traffic to authorized management hosts only). Disable ONVIF Device Management Service if not required for operational use, or implement firewall rules blocking external access to port associated with /onvif/device_service endpoint (typically port 8080 or 8000 depending on configuration). Change default ONVIF credentials if the device supports authentication, though the vulnerability indicates authentication may be bypassed. Monitor network traffic for POST/GET requests to /onvif/device_service containing 'FactoryDefault=Hard' parameter as an intrusion detection signature. If the device supports firmware updates, check Shenzhen Ningyuanda Technology's official support channels regularly for a patched firmware release, though the vendor's non-response suggests this may not occur.
Share
External POC / Exploit Code
Leaving vuln.today