Home

Description

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

PUBLISHED Reserved 2025-11-03 | Published 2025-11-06 | Updated 2025-11-07 | Assigner icscert




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-522

Product status

Default status
unaffected

v1.1.124
affected

Credits

Milos C. reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-310-02

github.com/...p/csaf_files/OT/white/2025/icsa-25-310-02.json

cve.org (CVE-2025-12636)

nvd.nist.gov (CVE-2025-12636)

Download JSON