OTPulse
FeedAboutContact

Survision License Plate Recognition Camera

Act Now9.8ICS-CERT ICSA-25-308-02Nov 4, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The Survision License Plate Recognition LPR Camera contains an authentication bypass vulnerability (CWE-306) that allows unauthenticated remote access to the camera's full administrative interface. All firmware versions prior to v3.5 are affected. Successful exploitation grants an attacker complete control over camera configuration, monitoring functions, and data output without requiring any credentials or user interaction.

What this means
What could happen
An attacker with network access to the camera can gain full administrative control without entering any credentials, allowing them to modify camera settings, disable monitoring, or redirect traffic enforcement data.
Who's at risk
License plate recognition (LPR) systems used by traffic enforcement agencies, toll collection, parking management, and law enforcement. This affects any municipality or authority running Survision cameras for automated traffic monitoring or access control.
How it could be exploited
An attacker on the network sends a request to the LPR camera's management interface (HTTP/HTTPS). The vulnerability bypasses authentication entirely, granting direct access to system configuration and operational controls without a login prompt or credential validation.
Prerequisites
  • Network access to the LPR camera (typically port 80 or 443)
  • Camera running firmware version prior to v3.5
Remotely exploitableNo authentication requiredLow complexity attackAffects public safety and law enforcement operationsAll versions vulnerable
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
License Plate Recognition LPR Camera: vers:all/*All versionsv3.5
Remediation & Mitigation
0/6
Do now
0/3
HARDENINGEnable password authentication and configure user roles with minimal rights in the user management system
HARDENINGEnforce client certificate authentication where supported by the camera
WORKAROUNDFor pre-v3.5 systems, activate the lock password in security parameters
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate License Plate Recognition LPR Camera firmware to version v3.5 or later
Long-term hardening
0/2
HARDENINGRestrict network access to the LPR camera—do not expose to the internet and place behind a firewall
HARDENINGIf remote access is needed, route traffic through a VPN with current security patches
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/49516fb9-920a-4371-8b6e-75a23de5f324