PatchSiren cyber security CVE debrief
CVE-2025-69988 BS Producten CVE debrief
BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control (CWE-284). An unauthenticated attacker in physical proximity can associate with the device's open wireless network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including live video and audio streams, without providing credentials. The vulnerability has a CVSS 3.1 score of 6.5 (MEDIUM severity) with vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating adjacent network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact. The CVE was published on March 27, 2026 and last modified on May 19, 2026. The vulnerability status in NVD is currently 'Deferred'. No known exploitation in ransomware campaigns has been reported (not listed in CISA KEV).
- Vendor
- BS Producten
- Product
- Petcam
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-27
- Original CVE updated
- 2026-05-19
- Advisory published
- 2026-03-27
- Advisory updated
- 2026-05-19
Who should care
Owners and operators of BS Producten Petcam 33.1.0.0818 devices; organizations deploying IoT surveillance cameras in sensitive environments; physical security teams responsible for camera placement and network isolation; network administrators managing wireless IoT device deployments; privacy-conscious users of pet monitoring cameras concerned about unauthorized video/audio access
Technical summary
The BS Producten Petcam 33.1.0.0818 exposes an open wireless network that lacks proper access controls. An attacker within physical proximity can associate with this network without authentication. Upon successful association, the attacker gains network-level access to the camera's private interface, enabling unauthorized retrieval of sensitive data including real-time video and audio feeds. The vulnerability stems from improper implementation of access control mechanisms (CWE-284) for the device's wireless network interface. The attack requires adjacent network access (AV:A) but no privileges or user interaction, making it exploitable by any nearby threat actor with standard wireless equipment.
Defensive priority
medium
Recommended defensive actions
- Restrict physical access to the Petcam device to prevent unauthorized proximity-based network association
- Segment IoT camera networks from critical infrastructure using VLANs or network isolation
- Monitor for unauthorized wireless associations to the Petcam's open network
- Apply firmware updates from BS Producten when available to address access control weaknesses
- Consider disabling or replacing affected devices if patches are not forthcoming
- Implement wireless intrusion detection to identify rogue associations with IoT device networks
Evidence notes
Vulnerability description and CVSS vector sourced from official NVD record. CWE-284 (Improper Access Control) identified in NVD weaknesses field. Security research reference provided by [email protected]. Vendor information marked as unknown in source data with confidence level 'unknown' and flagged for review.
Official resources
-
CVE-2025-69988 CVE record
CVE.org
-
CVE-2025-69988 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
2026-03-27T15:16:46.017Z