HIGH🇵🇱 Wersja polska

CVE-2025-65857

CVSS 7.5v3.1pub. 2025-12-22upd. 2026-07-05

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Xiongmaitech Xm530v200 X6 Weq 8m

    HW
    Xiongmaitech
    wszystkie wersje
  • Xiongmaitech Xm530v200 X6 Weq 8m Firmware

    OS
    Xiongmaitech
    5.00.r02.000807d8.10010.346624.s.onvif_21.06
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-65856CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w kamerach IP Xiongmai XM530 — dostęp bez uwierzytelnienia

CVE-2022-45460CRITICAL9.8ten sam vendor

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02....

CVE-2021-41506CRITICAL9.8ten sam vendor

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-...

CVE-2020-22253CRITICAL9.8ten sam vendor

Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7...

CVE-2018-17915CRITICAL9.8ten sam vendor

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communi...