The vulnerability identified as CVE-2025-14748 affects the Ningyuanda TC155 device, version 57.0.2.0, within its ONVIF Device Management Service component. The flaw resides in improper access control related to the handling of the FactoryDefault argument in the /onvif/device_service endpoint. By sending a crafted input value 'Hard' to this argument, an attacker with local network access can manipulate device settings, potentially triggering a factory reset or other unauthorized configuration changes without requiring authentication or user interaction. This improper access control could lead to loss of device configuration integrity and availability, disrupting normal operations. The vulnerability has a CVSS 4.0 score of 5.3, indicating medium severity, with low attack complexity and no privileges or user interaction required. The vendor Ningyuanda was notified but has not issued a patch or response, and no public exploits are currently known. The attack surface is limited to local network access, which constrains remote exploitation but still poses a risk in environments where the device is accessible internally or through compromised network segments.

For European organizations, the vulnerability could lead to unauthorized factory resets or configuration changes of Ningyuanda TC155 devices, which are often used in surveillance or IoT deployments. This can cause temporary denial of service or loss of critical security configurations, impacting physical security monitoring and operational continuity. Since exploitation requires local network access, organizations with insufficient network segmentation or exposed internal networks are at higher risk. The integrity and availability of these devices could be compromised, potentially allowing attackers to disrupt security monitoring or gain further footholds. Given the lack of vendor response and patches, affected organizations may face prolonged exposure. The impact is particularly relevant for sectors relying on video surveillance and IoT infrastructure, such as critical infrastructure, manufacturing, and public safety in Europe.

Organizations should immediately audit their network to identify any Ningyuanda TC155 devices running version 57.0.2.0. Network segmentation should be enforced to restrict access to these devices strictly to trusted management hosts. Implement strict access control lists (ACLs) and monitor internal network traffic for suspicious requests to the /onvif/device_service endpoint. Disable or restrict ONVIF services if not required. Employ network intrusion detection systems (NIDS) with signatures or heuristics to detect attempts to manipulate the FactoryDefault argument. Since no patch is available, consider isolating affected devices or replacing them if feasible. Regularly review device configurations and logs for unauthorized resets or configuration changes. Engage with Ningyuanda for updates and monitor threat intelligence feeds for emerging exploits.