---
title: "Critical Flaw in India-Based CCTV Cameras Exposes Credentials Remotely"
short_title: "Critical CCTV camera flaw exposes credentials"
description: "A severe vulnerability (CVE-2025-13607) in India-based CCTV cameras from D-Link, Sparsh Securitech, and Securus allows remote attackers to steal credentials. Patch now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cctv, cve-2025-13607, d-link, authentication flaw, iot security]
score: 0.87
cve_ids: [CVE-2025-13607]
---
TL;DR
A critical vulnerability (CVE-2025-13607) in CCTV cameras from D-Link, Sparsh Securitech, and Securus allows remote attackers to access sensitive configuration data, including account credentials, without authentication. With a CVSS v4 score of 9.3, this flaw poses a severe risk to organizations using affected models. Immediate patching and network isolation are recommended to mitigate exploitation.
---
Main Content
Unauthenticated Access: A Ticking Time Bomb for CCTV Security
In an alarming discovery, cybersecurity researchers have uncovered a critical vulnerability in multiple India-based CCTV camera models that could expose sensitive credentials to remote attackers. The flaw, tracked as CVE-2025-13607, affects devices from D-Link (India Limited), Sparsh Securitech, and Securus CCTV, with a CVSS v4 score of 9.3—indicating a severe risk of exploitation. This vulnerability highlights the growing threats to IoT and surveillance systems, particularly in commercial facilities.
---
Key Points
- Vulnerability: Missing authentication for critical functions (CWE-306) allows unauthenticated access to camera configurations.
- Affected Vendors: D-Link (India Limited), Sparsh Securitech, and Securus CCTV.
- Impact: Remote attackers can steal account credentials and sensitive configuration data.
- CVSS Scores: 9.4 (v3) and 9.3 (v4), reflecting high severity and low attack complexity.
- Mitigation: Patch immediately (D-Link) or contact vendors (Sparsh Securitech, Securus CCTV) for updates.
---
Technical Details
#### Affected Products
The following CCTV camera model is confirmed to be vulnerable:
- D-Link DCS-F5614-L1: Versions v1.03.038 and prior.
While specific models for Sparsh Securitech and Securus CCTV are unconfirmed, users are urged to verify their devices' vulnerability status with the vendors.
#### Vulnerability Overview
The flaw, classified as CWE-306 (Missing Authentication for Critical Function), enables attackers to access sensitive camera configurations—including account credentials—by exploiting a vulnerable URL. No authentication is required, making this a low-complexity, high-impact attack vector.
- CVE ID: [CVE-2025-13607](https://www.cve.org/CVERecord?id=CVE-2025-13607)
- CVSS v3 Vector: `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L` (Score: 9.4)
- CVSS v4 Vector: `AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N` (Score: 9.3)
#### Background
- Critical Infrastructure Sectors: Commercial Facilities
- Deployment Regions: Primarily India
- Vendor Headquarters:
  - D-Link: Taiwan
  - Sparsh Securitech and Securus CCTV: India
This vulnerability was reported to CISA by researcher Souvik Kandar.
---
Impact Assessment
Successful exploitation of this vulnerability could lead to:
- Unauthorized access to live camera feeds.
- Theft of account credentials, enabling further attacks on connected systems.
- Compromise of entire surveillance networks, particularly in commercial facilities.
- Potential lateral movement within networks if cameras are connected to broader IT infrastructure.
Given the low attack complexity and remote exploitability, organizations must treat this as a critical threat.
---
Mitigation Steps
#### For D-Link Users
D-Link has released a security advisory and a software update for the affected model. Users are strongly advised to:
1. Download and install the latest firmware update from [D-Link’s Security Announcement](https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10462).
2. Verify the update by checking the software version in the product interface.
3. Monitor for further updates and apply them promptly.
#### For Sparsh Securitech and Securus CCTV Users
As these vendors have not responded to CISA’s coordination requests, users should:
1. Contact customer support to determine if their models are affected:
   - Securus CCTV: [sales@securuscctv.com](mailto:sales@securuscctv.com) or [Contact Form](https://www.securuscctv.com/contactus)
   - Sparsh Securitech: [info@sparshsecuritech.com](mailto:info@sparshsecuritech.com) or [Contact Form](https://www.sparshsecuritech.com/contact-us)
2. Isolate cameras from business networks until patches are confirmed.
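The vendor-specific steps above can be applied to a whole camera inventory at once. The following is an added example, not code from the advisory or any vendor: it compares each device's firmware against the affected range stated in this article (D-Link DCS-F5614-L1, v1.03.038 and prior) and assigns an action. The inventory records, host names, field names, and the `v1.03.040` version are constructed for illustration.

```python
import re

# From the article: the one confirmed model and its last affected firmware version.
CONFIRMED = {("d-link", "dcs-f5614-l1"): "v1.03.038"}
# Vendors named in the advisory whose affected models are unconfirmed.
UNCONFIRMED_VENDORS = {"sparsh securitech", "securus cctv"}

def parse_version(text):
    """Turn 'v1.03.038' into (1, 3, 38) so versions compare numerically."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def triage(device):
    """Return the action for one inventory record (assumed field names)."""
    vendor = device["vendor"].strip().lower()
    model = device["model"].strip().lower()
    last_affected = CONFIRMED.get((vendor, model))
    if last_affected is not None:
        try:
            current = parse_version(device["firmware"])
        except ValueError:
            return "CHECK_MANUALLY"  # version string cannot be compared safely
        return "PATCH" if current <= parse_version(last_affected) else "OK"
    if vendor in UNCONFIRMED_VENDORS:
        return "ISOLATE_AND_CONTACT_VENDOR"  # no confirmed model list or fix
    return "NOT_LISTED"

# Constructed inventory; v1.03.040 is a hypothetical post-fix version.
INVENTORY = [
    {"host": "cam-lobby", "vendor": "D-Link", "model": "DCS-F5614-L1", "firmware": "v1.03.038"},
    {"host": "cam-dock", "vendor": "D-Link", "model": "DCS-F5614-L1", "firmware": "v1.03.040"},
    {"host": "cam-gate", "vendor": "Securus CCTV", "model": "EXAMPLE-MODEL", "firmware": "unknown"},
    {"host": "cam-yard", "vendor": "D-Link", "model": "DCS-F5614-L1", "firmware": "beta-build"},
]

def report(inventory):
    """Map each host name to its triage action."""
    return {device["host"]: triage(device) for device in inventory}

if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host}: {action}")
```
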
#### General Recommendations
CISA recommends the following defensive measures to minimize exploitation risks:
- Minimize network exposure for control system devices. Ensure they are not accessible from the Internet.
- Locate control system networks behind firewalls and isolate them from business networks.
- Use secure remote access methods, such as VPNs, when remote access is required. Ensure VPNs are updated to the latest version and recognize that VPN security depends on connected devices.
- Perform impact analysis and risk assessment before deploying defensive measures.
For additional guidance, refer to CISA’s [recommended practices for industrial control systems](https://www.cisa.gov/resources-tools/resources/ics-recommended-practices).
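One way to check that the isolation recommended above actually holds is to audit firewall flow logs for permitted connections that reach cameras from outside the camera network or the VPN. This is an added example, not part of the CISA advisory; the addressing plan, the log format, and every log line are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (hypothetical; replace with your own).
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")  # camera VLAN, includes the NVR
VPN_POOL = ipaddress.ip_network("10.99.0.0/28")     # remote-access VPN clients
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow log: time, source, destination, destination port, action.
SAMPLE_LOG = """\
2025-01-24T09:00:01Z 10.99.0.5 10.20.30.11 443 ALLOW
2025-01-24T09:00:07Z 10.20.30.2 10.20.30.11 554 ALLOW
2025-01-24T09:01:15Z 10.1.4.77 10.20.30.11 80 ALLOW
2025-01-24T09:02:40Z 203.0.113.7 10.20.30.12 80 ALLOW
2025-01-24T09:02:41Z 203.0.113.7 10.20.30.13 80 DENY
2025-01-24T09:03:00Z 10.1.4.77 10.1.4.1 53 ALLOW
malformed line
"""

def zone_of(src):
    """Classify a source address relative to the assumed addressing plan."""
    if src in CAMERA_NET or src in VPN_POOL:
        return "allowed"
    if any(src in net for net in RFC1918):
        return "business-network"
    return "internet"

def audit(log_text):
    """Return permitted flows to cameras from sources that should be blocked."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Denied flows show the firewall working; only permitted ones matter.
        if action != "ALLOW" or dst_ip not in CAMERA_NET:
            continue
        zone = zone_of(src_ip)
        if zone != "allowed":
            findings.append((ts, src, dst, int(port), zone))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
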
---
Conclusion
The discovery of CVE-2025-13607 underscores the critical importance of securing IoT and surveillance devices, particularly in commercial environments. With a CVSS v4 score of 9.3, this vulnerability poses a severe risk of credential theft and unauthorized access. Organizations using affected CCTV cameras must act immediately—patch systems, isolate devices, and monitor for updates from vendors.
As IoT devices continue to proliferate, vulnerabilities like this serve as a stark reminder of the need for robust security practices, including regular updates, network segmentation, and proactive threat monitoring.