[Suggested description] The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
[Vendor of Product] Rubetek (https://rubetek.com/)
[Affected Product Code Base] Camera RV-3406 - Firmware version 339 and 342 are affected. There are no fixed versions Camera RV-3409 - Firmware version 339 and 342 are affected. There are no fixed versions Camera RV-3411 - Firmware version 339 and 342 are affected. There are no fixed versions
[CVE Impact Other] Onvif service possible to move the camera and change some settings (brightness, clarity, time), it can restart the device and activate the reset to factory settings
[Attack Vectors] Anyone with network access to the camera can connect to ONVIF and RTSP services without using authentication.
[Reference] https://jet.su