Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated network request retrieves live video (AV:N/PR:N/UI:N, C:H); no integrity or availability impact and no scope change, so I:N/A:N/S:U.
Primary rating from Vendor (Genetec).
CVSS VectorVendor: Genetec
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams.
AnalysisAI
Unauthenticated video stream access in Genetec Security Center 5.14.0.0 (builds prior to 5.14.178.18) lets remote attackers pull live video feeds by exploiting a flaw in the authentication mechanism that guards video stream requests. Because the CVSS vector is AV:N/PR:N/UI:N, no credentials or user interaction are needed, and the CWE-287 root cause means the stream endpoint fails to properly verify the requester's identity. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the live video retrieval / stream service of a Genetec Security Center 5.14.0.0 deployment on a build earlier than 5.14.178.18; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication and no user interaction are needed, so an attacker who can reach the streaming endpoint can request feeds directly. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are partially available and moderately consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to the Security Center video services sends a crafted video stream request that omits or spoofs the expected authentication step, and the server returns a live feed without validating the requester's identity. Because no credentials or user interaction are required (AV:N/PR:N/UI:N), an insider on the security VLAN - or anyone who can reach the streaming port through a misconfigured firewall - could silently watch camera feeds. … |
| Remediation | Upgrade Genetec Security Center 5.14.0.0 to build 5.14.178.18 or later, which is the vendor-fixed build (Vendor-released patch: 5.14.178.18); consult the Genetec advisory at https://resources.genetec.com/security-advisories/vulnerability-affecting-live-video-retrieval-in-security-center-5-14-0-0 for the exact download and any build-specific guidance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all Genetec Security Center deployments to identify vulnerable builds (5.14.0.0 through 5.14.178.17); immediately restrict network access to video stream endpoints to trusted administrative networks only via firewall rules. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Genetec Security Center
View allLocal credential exposure in Genetec Security Center main server installations allows an attacker with local OS privileg
SQL injection in Genetec Security Center's Access Manager role enables a remote attacker with high privileges to achieve
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41923
GHSA-3hmc-px3x-2cjr