{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6531", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-23T14:15:52.828Z", "datePublished": "2025-06-23T23:31:06.122Z", "dateUpdated": "2025-06-26T14:39:22.401Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-23T23:31:06.122Z"}, "title": "SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "SIFUSM", "product": "BD S1", "versions": [{"version": "20250611", "status": "affected"}], "modules": ["RTSP Live Video Stream Endpoint"]}, {"vendor": "MZZYG", "product": "BD S1", "versions": [{"version": "20250611", "status": "affected"}], "modules": ["RTSP Live Video Stream Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and different names."}, {"lang": "de", "value": "In SIFUSM/MZZYG BD S1 bis 20250611 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente RTSP Live Video Stream Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR"}}], "timeline": [{"time": "2025-06-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-23T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-23T16:21:45.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "geochen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.313648", "name": "VDB-313648 | SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.313648", "name": "VDB-313648 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.595452", "name": "Submit #595452 | BD dashcam BD S1 Improper Access Controls", "tags": ["third-party-advisory"]}, {"url": "https://github.com/geo-chen/BD", "tags": ["related"]}, {"url": "https://github.com/geo-chen/BD?tab=readme-ov-file#finding-1-unauthenticated-access-of-livestream-and-download-of-video-recordings", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/geo-chen/BD", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T14:35:20.364444Z", "id": "CVE-2025-6531", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T14:39:22.401Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6531", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T14:35:20.364444Z"}}}], "references": [{"url": "https://github.com/geo-chen/BD", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T14:35:31.969Z"}}], "cna": {"title": "SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control", "credits": [{"lang": "en", "type": "reporter", "value": "geochen (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR"}}], "affected": [{"vendor": "SIFUSM", "modules": ["RTSP Live Video Stream Endpoint"], "product": "BD S1", "versions": [{"status": "affected", "version": "20250611"}]}, {"vendor": "MZZYG", "modules": ["RTSP Live Video Stream Endpoint"], "product": "BD S1", "versions": [{"status": "affected", "version": "20250611"}]}], "timeline": [{"lang": "en", "time": "2025-06-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-23T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-23T16:21:45.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.313648", "name": "VDB-313648 | SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.313648", "name": "VDB-313648 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.595452", "name": "Submit #595452 | BD dashcam BD S1 Improper Access Controls", "tags": ["third-party-advisory"]}, {"url": "https://github.com/geo-chen/BD", "tags": ["related"]}, {"url": "https://github.com/geo-chen/BD?tab=readme-ov-file#finding-1-unauthenticated-access-of-livestream-and-download-of-video-recordings", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and different names."}, {"lang": "de", "value": "In SIFUSM/MZZYG BD S1 bis 20250611 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente RTSP Live Video Stream Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-23T23:31:06.122Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6531", "state": "PUBLISHED", "dateUpdated": "2025-06-26T14:39:22.401Z", "dateReserved": "2025-06-23T14:15:52.828Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-23T23:31:06.122Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and different names."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en SIFUSM/MZZYG BD S1 hasta la versi\u00f3n 20250611. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del componente RTSP Live Video Stream Endpoint. La manipulaci\u00f3n genera controles de acceso inadecuados. Se requiere acceso a la red local para que este ataque tenga \u00e9xito. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Esta c\u00e1mara para salpicadero se distribuye por varios distribuidores y con diferentes nombres."}], "id": "CVE-2025-6531", "lastModified": "2025-06-26T18:58:14.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-24T00:15:25.917", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/geo-chen/BD"}, {"source": "cna@vuldb.com", "url": "https://github.com/geo-chen/BD?tab=readme-ov-file#finding-1-unauthenticated-access-of-livestream-and-download-of-video-recordings"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.313648"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.313648"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.595452"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/geo-chen/BD"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}