Remenis/CVE-2025-63667

Releases0

Stars1

Vatilon-based IP camera firmwares issue Session-Id tokens without verifying credentials, allowing attackers to obtain sessions and retrieve plaintext account credentials via API endpoints.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63667 ↗	Nov 12, 2025Wednesday, 12 November 2025, 15:15	7.5 HIGH	—
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication.