CVE Catalog

CVE-2026-12527

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

The firmware of the V380 IP camera from Shenzhen Liandian Communication Technology LTD has a vulnerability related to a broken authorization boundary in the RTSP media delivery pipeline. This allows unauthenticated network actors to bypass the authentication process and directly access the live video stream.

Risk Assessment

This vulnerability poses a serious risk to privacy and security by allowing unauthorized users to access sensitive video data.

Recommendation

It is recommended to update the camera firmware to the latest version to patch this vulnerability and implement additional security measures to protect against unauthorized access.

Original NVD description (English source)

A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-time video stream data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS