Skip to main content

EUVDEUVD-2025-209095

| CVE-2025-69986 HIGH
Improper Input Validation (CWE-20)
2026-03-27 mitre GHSA-49jc-jpfq-h27g
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 27, 2026 - 14:30 euvd
EUVD-2025-209095
Analysis Generated
Mar 27, 2026 - 14:30 vuln.today
CVE Published
Mar 27, 2026 - 00:00 nvd
HIGH 7.2

DescriptionCVE.org

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an attacker can overflow the stack buffer, overwriting the return instruction pointer (RIP). This vulnerability allows for Denial of Service (DoS) via device crash or Remote Code Execution (RCE) in the context of the ONVIF service.

AnalysisAI

Stack buffer overflow in LSC Indoor Camera V7.6.32 ONVIF GetStreamUri function allows unauthenticated remote attackers to cause denial of service or execute arbitrary code by sending a crafted SOAP request with an oversized Protocol parameter in the Transport element, bypassing input validation and corrupting the stack return instruction pointer.

Technical ContextAI

The vulnerability exists in the ONVIF (Open Network Video Interface Forum) protocol implementation, specifically the GetStreamUri SOAP service endpoint used by network cameras for streaming configuration. ONVIF is a standardized XML/SOAP-based protocol for IP video device communication. The root cause is improper input validation of the Protocol parameter within the Transport XML element during SOAP message parsing. The vulnerable code fails to enforce length restrictions before copying user-supplied Protocol string data into a fixed-size stack buffer, creating a classic buffer overflow (CWE category: improper restriction of operations within the bounds of a memory buffer). LSC Indoor Camera V7.6.32 is the confirmed affected version. The ONVIF service typically listens on network-accessible ports, making the attack surface accessible to any network-connected attacker without prior authentication.

RemediationAI

Immediate action: Restrict network access to the ONVIF service port (typically TCP 8080, 8000, or 554) using firewall rules, limiting exposure to trusted administrative networks only. Disable ONVIF service entirely if not required. Long-term: Check LSC vendor channels and the referenced GitHub repository for patched firmware versions, and upgrade when available. Until patches are released, employ network segmentation to isolate affected cameras on a dedicated VLAN with strict access controls, and consider deploying a reverse proxy with input validation/WAF rules to filter oversized Protocol parameters in SOAP requests. Monitor device logs for unusual ONVIF service crashes or errors that may indicate exploitation attempts. Contact LSC support for security update status and expected remediation timeline.

Share

EUVD-2025-209095 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy