CVE-2025-12636

Ubia Ubox

CVSS 7.1 HIGHEPSS 0.2%CWE-522

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Ubia · Ubox Android Ubia · Ubox IOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02