Is there a public PoC exploit available for CVE-2025-14749?

Yes, a public proof-of-concept exploit is available for CVE-2025-14749. Prioritise patching immediately. EPSS: 0.0%.

Ningyuanda TC155 CVE-2025-14749

Q: What is the CVSS score of CVE-2025-14749?

CVE-2025-14749 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Incorrect Privilege Assignment (CWE-266)

2025-12-16 cna@vuldb.com

Information Disclosure Tc155 Firmware

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 02:48 vuln.today

DescriptionCVE.org

A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF PTZ Control Interface (/onvif/device_service) allow unauthenticated local network attackers to gain unauthorized access with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the vendor has not responded to disclosure efforts despite early contact.

Technical ContextAI

The vulnerability resides in the ONVIF (Open Network Video Interface Forum) PTZ (Pan-Tilt-Zoom) Control Interface, a standardized protocol for controlling network cameras and video devices. The affected component is the /onvif/device_service endpoint in TC155 firmware 57.0.2.0. The root cause is classified as CWE-266 (Improper Privilege Management / Improper Access Control), indicating that the service fails to properly enforce authorization checks on requests to sensitive device control functions. ONVIF services are typically accessed over local networks (AV:A per CVSS vector), and the lack of authentication requirements (PR:N) combined with low access complexity (AC:L) suggests the service accepts unauthenticated requests without validating caller privileges.

RemediationAI

No vendor-released patch identified at time of analysis due to non-responsive vendor. Primary mitigation is network segmentation: restrict access to the TC155 device's ONVIF services (/onvif/device_service) to trusted local network subnets only, blocking access from untrusted networks and wireless segments via firewall or network ACLs. Disable ONVIF services entirely if PTZ control is not required; check the device's administrative interface for a setting to disable ONVIF or restrict it to specific authorized IPs. If the device supports authentication, configure and enforce strong credentials for ONVIF access (though the CVE description suggests authentication may be absent or bypassable). Monitor network traffic to the device for suspicious ONVIF requests. Consider isolating the TC155 on a dedicated IoT network segment with no direct access from general workstations or the internet. Given vendor non-responsiveness, regular monitoring of the device manufacturer's website and security advisories is essential in case a silent patch is released.

CVE-2025-14749 vulnerability details – vuln.today

Back