CVE-2020-25748 - OpenCVE

A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rubetek	Rv-3406 Rv-3406 Firmware Rv-3409 Rv-3409 Firmware Rv-3411 Rv-3411 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:rubetek:rv-3406_firmware:339:::::::*
	cpe:2.3:o:rubetek:rv-3406_firmware:342:::::::*

cpe:2.3:h:rubetek:rv-3406:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:rubetek:rv-3409_firmware:339:::::::*
	cpe:2.3:o:rubetek:rv-3409_firmware:342:::::::*

cpe:2.3:h:rubetek:rv-3409:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:rubetek:rv-3411_firmware:339:::::::*
	cpe:2.3:o:rubetek:rv-3411_firmware:342:::::::*

cpe:2.3:h:rubetek:rv-3411:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/jet-pentest/CVE-2020-25748

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-25T03:17:31

Updated: 2024-08-04T15:40:36.942Z

Reserved: 2020-09-18T00:00:00

Link: CVE-2020-25748

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-25T04:23:05.107

Modified: 2020-10-08T16:41:03.963

Link: CVE-2020-25748

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-25T03:17:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/jet-pentest/CVE-2020-25748"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25748", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/jet-pentest/CVE-2020-25748", "refsource": "MISC", "url": "https://github.com/jet-pentest/CVE-2020-25748"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.942Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jet-pentest/CVE-2020-25748"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25748", "datePublished": "2020-09-25T03:17:31", "dateReserved": "2020-09-18T00:00:00", "dateUpdated": "2024-08-04T15:40:36.942Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rubetek:rv-3406_firmware:339:*:*:*:*:*:*:*", "matchCriteriaId": "57AF1900-5D42-45B9-9906-B1EBC933A064", "vulnerable": true}, {"criteria": "cpe:2.3:o:rubetek:rv-3406_firmware:342:*:*:*:*:*:*:*", "matchCriteriaId": "72F51EDA-EA7A-4E58-A071-A0D6F3AEC379", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rubetek:rv-3406:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0C29138-1CBA-4677-B494-AA5278632606", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rubetek:rv-3409_firmware:339:*:*:*:*:*:*:*", "matchCriteriaId": "B2BD4E56-46E1-4985-A46F-C9B4A374A17F", "vulnerable": true}, {"criteria": "cpe:2.3:o:rubetek:rv-3409_firmware:342:*:*:*:*:*:*:*", "matchCriteriaId": "EE539B49-BF73-4411-855D-69E02E6AD917", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rubetek:rv-3409:-:*:*:*:*:*:*:*", "matchCriteriaId": "93B04FD1-8EEF-4DDC-83A9-9F5390378D28", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rubetek:rv-3411_firmware:339:*:*:*:*:*:*:*", "matchCriteriaId": "183C8C01-1F30-40F5-BD9F-6D217EB1CD42", "vulnerable": true}, {"criteria": "cpe:2.3:o:rubetek:rv-3411_firmware:342:*:*:*:*:*:*:*", "matchCriteriaId": "C9ECA3AF-D4F0-4F8B-854C-0C63BB090E44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rubetek:rv-3411:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B518-140F-4933-A1C8-45A0A7B3F167", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values."}, {"lang": "es", "value": "Se detect\u00f3 un problema de Transmisi\u00f3n de Texto Sin Cifrar en las c\u00e1maras RV-3406, RV-3409 y RV-3411 de Rubetek (versiones de firmware v342, v339). Alguien en el medio puede interceptar y modificar los datos de video de la c\u00e1mara, que es transmitido en un formulario sin cifrar. Tambi\u00e9n se pueden modificar las respuestas de los servidores NTP y RTSP y forzar la c\u00e1mara para usar los valores modificados"}], "id": "CVE-2020-25748", "lastModified": "2020-10-08T16:41:03.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-25T04:23:05.107", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/jet-pentest/CVE-2020-25748"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}