CVE-2025-14749 identifies an improper access control vulnerability in the Ningyuanda TC155 device, version 57.0.2.0, specifically within the ONVIF PTZ Control Interface exposed at the /onvif/device_service endpoint. ONVIF (Open Network Video Interface Forum) is a standard for IP-based security products, and PTZ (Pan-Tilt-Zoom) controls allow remote manipulation of camera orientation and zoom. The vulnerability arises because the device does not properly enforce access restrictions on this interface, allowing an attacker on the same local network to send unauthorized commands to the PTZ controls. This can lead to unauthorized camera movements, potentially enabling surveillance evasion or disruption of monitoring capabilities. The attack vector requires local network access but no authentication or user interaction, lowering the barrier for exploitation within compromised or poorly segmented networks. The exploit code is publicly available, increasing the risk of opportunistic attacks. The vendor Ningyuanda has not responded to disclosure attempts, and no patches or mitigations have been released to date. The CVSS 4.0 score is 5.3 (medium), reflecting the local network attack vector, lack of authentication, and limited impact on confidentiality, integrity, and availability. The vulnerability does not affect the device’s core system but targets a critical control interface, making it a significant concern for organizations relying on these devices for security monitoring.

For European organizations, this vulnerability poses a risk primarily to physical security infrastructure relying on Ningyuanda TC155 devices. Unauthorized PTZ control can allow attackers to disable or evade surveillance, potentially facilitating further intrusions or physical attacks. Confidentiality is impacted as attackers could manipulate camera views to avoid detection. Integrity is compromised by unauthorized control commands, and availability could be affected if the device is manipulated to disrupt monitoring. The requirement for local network access means that organizations with segmented and well-controlled networks face lower risk, but those with flat or poorly secured networks are vulnerable. Critical infrastructure sectors such as transportation, government facilities, and utilities using these devices for surveillance could face increased risk of physical security breaches. The lack of vendor response and patches increases the window of exposure, and the public availability of exploits raises the likelihood of opportunistic attacks. Overall, the impact is moderate but significant in contexts where surveillance integrity is crucial.

European organizations should implement strict network segmentation to isolate Ningyuanda TC155 devices from general user networks, limiting access to trusted administrators only. Employ VLANs or dedicated subnets with firewall rules to restrict access to the /onvif/device_service endpoint. Monitor network traffic for unusual PTZ control commands or access attempts from unauthorized hosts. Disable ONVIF PTZ control interfaces if not required or restrict their use via device configuration if possible. Employ network access control (NAC) solutions to prevent unauthorized devices from connecting to the local network. Regularly audit device firmware versions and configurations to detect unauthorized changes. Since no patch is available, consider deploying compensating controls such as intrusion detection systems (IDS) focused on ONVIF protocol anomalies. Engage with Ningyuanda or third-party security providers for potential firmware updates or mitigations. Finally, maintain an incident response plan that includes physical security device compromise scenarios.