ByteOS Network

Vulnerability Details :

CVE-2025-6524

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-23 Jun, 2025 | 21:00

Updated At-24 Jun, 2025 | 17:14

70mai 1S Video Services improper authentication

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:23 Jun, 2025 | 21:00

Updated At:24 Jun, 2025 | 17:14

▼CVE Numbering Authority (CNA)

70mai 1S Video Services improper authentication

Affected Products

Vendor

70mai

Product

Modules

Video Services

Versions

Affected

20250611

Problem Types

Type	CWE ID	Description
CWE	CWE-287	Improper Authentication

Type: CWE

CWE ID: CWE-287

Description: Improper Authentication

Metrics

Version	Base score	Base severity	Vector
4.0	2.3	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
3.1	3.1	LOW	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R
3.0	3.1	LOW	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R
2.0	1.8	N/A	AV:A/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R

Version: 3.0

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R

Version: 2.0

Base score: 1.8

Base severity: N/A

Vector:

AV:A/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR

Credits

reporter

geochen (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-06-23 00:00:00
VulDB entry created	2025-06-23 02:00:00
VulDB entry last update	2025-06-23 16:16:16

Event: Advisory disclosed

Date: 2025-06-23 00:00:00

Event: VulDB entry created

Date: 2025-06-23 02:00:00

Event: VulDB entry last update

Date: 2025-06-23 16:16:16

References

Hyperlink	Resource
https://vuldb.com/?id.313641	vdb-entry
https://vuldb.com/?ctiid.313641	signature permissions-required
https://vuldb.com/?submit.595444	third-party-advisory
https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream	exploit

Hyperlink: https://vuldb.com/?id.313641

Resource:

vdb-entry

Hyperlink: https://vuldb.com/?ctiid.313641

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.595444

Resource:

third-party-advisory

Hyperlink: https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream

Resource:

exploit

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:23 Jun, 2025 | 21:15

Updated At:26 Jun, 2025 | 18:58

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.3	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	3.1	LOW	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary	2.0	1.8	LOW	AV:A/AC:H/Au:N/C:P/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 2.0

Base score: 1.8

Base severity: LOW

Vector:

AV:A/AC:H/Au:N/C:P/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	cna@vuldb.com

CWE ID: CWE-287

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.313641	cna@vuldb.com	N/A
https://vuldb.com/?id.313641	cna@vuldb.com	N/A
https://vuldb.com/?submit.595444	cna@vuldb.com	N/A

Hyperlink: https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.313641

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.313641

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.595444

Source: cna@vuldb.com

Resource: N/A

Similar CVEs

3Records found

CVE-2025-6526

Matching Score-8

Assigner-VulDB

View Details

Matching Score-8

Assigner-VulDB

CVSS Score-2.3||LOW

EPSS-0.02% / 2.76%

7 Day CHG~0.00%

Published-23 Jun, 2025 | 22:00

Updated-26 Jun, 2025 | 18:58

70mai M300 HTTP Server insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-70mai

Product-M300

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2025-6527

Matching Score-8

Assigner-VulDB

View Details

Matching Score-8

Assigner-VulDB

CVSS Score-2.3||LOW

EPSS-0.02% / 2.76%

7 Day CHG~0.00%

Published-23 Jun, 2025 | 22:00

Updated-26 Jun, 2025 | 18:58

70mai M300 Web Server access control

A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-70mai

Product-M300

CWE ID-CWE-266

Incorrect Privilege Assignment

CWE ID-CWE-284

Improper Access Control

CVE-2025-6528

Matching Score-6

Assigner-VulDB

View Details

Matching Score-6

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 8.16%

7 Day CHG~0.00%

Published-23 Jun, 2025 | 22:31

Updated-26 Jun, 2025 | 18:58

70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication

A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-70mai

Product-M300

CWE ID-CWE-287

Improper Authentication

CVE-2025-6524

Credits

70mai 1S Video Services improper authentication

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs