CVE ID: CVE-2024-25458 Affected Device: SHIXCAM A9 Camera Firmware Version: CYCAM_48B_BC01_v87_0903 Vulnerability Type: Sensitive Information Exposure Exploit Method: Sending a specially crafted packet with data to the device via UDP port 8600. Impact: - The attacker can obtain the camera's password. - The attacker can add the camera to their network. - The attacker can access the camera's video feed. Detection: - Run the provided proof-of-concept script on the LAN. - Check if device is affected by examining its internal components, serial number, or firmware version. Additional Info: - The vendor has not responded to multiple communication attempts regarding the vulnerability. - The Android app's cloud storage service poses additional risks due to hardcoded API keys.