CVE-2026-12527

Vulnerability Description

A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-time video stream data.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-306

Source

NVD

Vendor

Shenzhen Liandian Communication Technology LTD

Product

V380 IP Camera / AppFHE1_V1.0.6.0

External References

https://github.com/AounShAh/Research-on-v380-cctv-ip-camera#broken-access-control-leading-to-critical-live-video-exposure
https://github.com/AounShAh/Research-on-v380-cctv-ip-camera#broken-access-control-leading-to-critical-live-video-exposure

CVE-2026-12527

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment