CVE-2026-12527
MediumCVSS 6.0Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
The firmware of the V380 IP camera from Shenzhen Liandian Communication Technology LTD has a vulnerability related to a broken authorization boundary in the RTSP media delivery pipeline. This allows unauthenticated network actors to bypass the authentication process and directly access the live video stream.
Risk Assessment
This vulnerability poses a serious risk to privacy and security by allowing unauthorized users to access sensitive video data.
Recommendation
It is recommended to update the camera firmware to the latest version to patch this vulnerability and implement additional security measures to protect against unauthorized access.
Original NVD description (English source)
A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-time video stream data.

