CVE-2025-69988

Vulnerability

Overview The BS Producten Petcam in version 33.1.0.0818 suffers from an incorrect access control vulnerability (CWE-306) in its "Local Mode" network configuration. When activated, the device broadcasts an open Wi-Fi access point with the SSID pattern CLOUDCAM_[MAC_SUFFIX] [1]. No wireless security (WPA/WPA2/WPA3) is enforced, and no authentication is required to join the network [1].

Exploitation

Details An unauthenticated attacker in physical proximity can discover and connect to the open wireless network. After association, the device assigns an IP address via DHCP, placing the attacker on the same subnet as the camera's internal services [1]. Services such as an RTSP stream on port 554 and a custom API on port 8001 are exposed [1]. The live video and audio feed can be accessed without providing any credentials [1].

Impact

Successful exploitation leads to a complete loss of confidentiality. An attacker can monitor the camera's live video and audio streams in real time, as well as interact with the internal API, potentially exposing further sensitive information [1].

Mitigation

The last tested version is 33.1.0.0818, and it is unknown whether later updates address this issue [1]. Users should check with the vendor for patched firmware or apply network-level controls (e.g., disabling the open AP if not needed). The vulnerability has a CVSS v3 base score of 6.2 (medium) with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [1].