Multiple India-based CCTV Cameras (Update A)
Act Now · 9.4 · ICS-CERT ICSA-25-343-03 · Dec 9, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple India-based CCTV camera models contain an authentication bypass vulnerability (CWE-306) that allows unauthenticated remote attackers to access and extract account credentials and camera data. Affected products include D-Link DCS-F5614-L1 (v1.03.038 and earlier), Securus Purple Series cameras (firmware before 15-12-2025), and all versions of generic IP CCTV cameras. The vulnerability has a CVSS score of 9.4 and can result in unauthorized access to surveillance systems and credential theft.
What this means
What could happen
An attacker could access camera account credentials and other sensitive information, potentially gaining unauthorized access to your surveillance system and viewing live or recorded footage. This affects monitoring and evidence collection capabilities.
Who's at risk
Facility managers and IT staff responsible for CCTV surveillance systems should be concerned. This affects D-Link DCS-F5614-L1 cameras and Securus Purple Series cameras used in security monitoring, as well as other IP-based CCTV camera models. Any organization relying on these cameras for facility monitoring, access control, or incident recording is at risk.
How it could be exploited
An attacker with network access to the CCTV camera can send a specially crafted request that bypasses authentication checks (CWE-306: missing authentication) to extract account credentials and camera data without needing valid login credentials.
Prerequisites
- Network access to the CCTV camera over the internet or internal network
- No credentials required for exploitation
- Camera must be on an accessible network segment
- Remotely exploitable
- No authentication required
- Low complexity attack
- High CVSS score (9.4)
- No patch available for DCS-F5614-L1 and generic IP CCTV cameras
- Default credentials may be in use
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
1 with fix, 2 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| DCS-F5614-L1: <=v1.03.038 | ≤ v1.03.038 | No fix (EOL) |
| Purple Series: <15-12-2025 | <15-12-2025 | 15-12-2025 or later |
| IP CCTV Cameras: vers:all/* | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: For all affected CCTV cameras: Verify firmware version matches the installed update version on the camera interface after any update.
- WORKAROUND: Change all default and factory credentials on affected cameras to strong, unique passwords.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: For Purple Series: Update firmware to version dated 15-12-2025 or later when available from Securus.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: DCS-F5614-L1: <=v1.03.038, IP CCTV Cameras: vers:all/*. Apply the following compensating controls:
- HARDENING: For DCS-F5614-L1: No vendor fix is available; implement network segmentation to restrict access to the camera to authorized personnel only and place cameras on isolated VLANs.
- HARDENING: For IP CCTV Cameras (all versions): No vendor fix available; restrict network access to cameras using firewall rules to limit connections to authorized monitoring stations and administrative workstations only.
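An added example (not from the advisory or any vendor): a Python triage of a camera inventory against the affected-version ranges listed above, mapping each device to the matching remediation step. The model labels and inventory rows are constructed assumptions; firmware dates are parsed as DD-MM-YYYY because comparing them as plain strings would sort 01-01-2026 before 15-12-2025.

```python
import re
from datetime import date

# Affected ranges as stated in the advisory's product table.
DLINK_LAST_AFFECTED = (1, 3, 38)        # DCS-F5614-L1: <= v1.03.038, no fix (EOL)
PURPLE_FIXED_FROM = date(2025, 12, 15)  # Purple Series: fixed in 15-12-2025 or later

def parse_version(text):
    """'v1.03.038' -> (1, 3, 38), so '1.3.38' and '1.03.038' compare equal."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def parse_fw_date(text):
    """'15-12-2025' (DD-MM-YYYY, as written in the advisory) -> date."""
    day, month, year = (int(p) for p in text.strip().split("-"))
    return date(year, month, day)

def triage(model, firmware):
    """Return (status, action) for one inventory row.
    The model labels matched here are assumptions about how an inventory names devices."""
    try:
        if model == "DCS-F5614-L1":
            if parse_version(firmware) <= DLINK_LAST_AFFECTED:
                return "affected-eol", "isolate on VLAN, restrict to authorized personnel"
            return "review", "version above listed range; confirm status with vendor"
        if model == "Purple Series":
            if parse_fw_date(firmware) < PURPLE_FIXED_FROM:
                return "affected", "update firmware to 15-12-2025 or later"
            return "fixed", "verify version on the camera interface"
        if model == "IP CCTV Camera":
            return "affected-eol", "firewall to monitoring/admin stations only"
    except ValueError:
        return "unknown", "firmware string unreadable; check the device manually"
    return "not-listed", "model not named in this advisory"

# Constructed sample inventory (hostnames and firmware strings are made up).
INVENTORY = [
    ("cam-lobby", "DCS-F5614-L1", "v1.03.038"),
    ("cam-dock", "Purple Series", "01-01-2026"),
    ("cam-gate", "Purple Series", "02-11-2025"),
    ("cam-yard", "IP CCTV Camera", "n/a"),
]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        status, action = triage(model, fw)
        print(f"{host:10} {model:15} {fw:12} {status:13} {action}")
```
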
CVEs (1)