Details of VAR-202506-2795

ID

VAR-202506-2795

TITLE

Suzhou Keda Technology Co., Ltd. MSS streaming media server has a logical defect vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-13136

DESCRIPTION

Suzhou Keda Technology Co., Ltd. is a leading provider of video and security products and solutions. There is a logic defect vulnerability in the MSS streaming media server of Suzhou Keda Technology Co., Ltd., which can be exploited by attackers to illegally create new user accounts and elevate permissions when logging in.

Trust: 0.6

sources: CNVD: CNVD-2025-13136

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13136

AFFECTED PRODUCTS

vendor:

keda

model:

mss streaming media server

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-13136

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2025-13136
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-13136
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-13136

PATCH

title:

Patch for Suzhou Keda Technology Co., Ltd. MSS streaming media server has a logical defect vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/699876

Trust: 0.6

sources: CNVD: CNVD-2025-13136

EXTERNAL IDS

db:

CNVD

id:

CNVD-2025-13136

Trust: 0.6

sources: CNVD: CNVD-2025-13136

SOURCES

db:

CNVD

id:

CNVD-2025-13136

LAST UPDATE DATE

2025-06-27T23:19:23.501000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2025-13136

date:

2025-06-20T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2025-13136

date:

2025-06-13T00:00:00