CVE-2025-14749 MEDIUM

CVE-2025-14749: Ningyuanda TC155 ONVIF PTZ Control device_service access control

Vendor Ningyuanda

Product TC155

Weakness CWE-284

Published December 16, 2025

Last update December 16, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

December 16, 2025 CVE published

December 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-14749

Related vulnerabilities

CVE-2025-14749: Ningyuanda TC155 ONVIF PTZ Control device_service access control

01Description

02Disclosure timeline

03References

04Related CVE