Compliance badges tracked by Rankiteo (none currently verified for this company): ISO 27001, SOC 1 Type I, SOC 2 Type II, PCI DSS, HIPAA, GDPR

The GSMA Security and Fraud team supports the wider mobile industry against emerging cyber threats and provides the means for all to converge around common solutions.

GSMA - Security and Fraud A.I CyberSecurity Scoring

GSF

Company Details

Linkedin ID:

gsma-security-and-fraud

Employees number:

Not available

Number of followers:

2,304

NAICS:

517

Industry Type:

Telecommunications

Homepage:

gsma.com

IP Addresses:

0

Company ID:

GSM_2846792

Scan Status:

In-progress

GSF Risk Score (AI oriented): between 700 and 749
  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score when calculating premiums

GSF Global Score (TPRM): XXXX
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

GSF Company CyberSecurity News & History

Past Incidents
1
Attack Types
1
Entity: Google, GSMA, Metropolitan Police and Apple
Title: Cops want Apple, Google to kill stolen phones remotely
Type: Cyber Attack
Severity: 60
Impact: 2
Seen: 6/2025
Rankiteo Explanation: Attack limited to finance or reputation

Description:

**UK Lawmakers Press Apple and Google Over Stolen Smartphone Protections** UK legislators grilled Apple and Google in a House of Commons hearing over their failure to implement measures that would allow stolen smartphones to be remotely locked, reset, or blocked from accessing cloud services, a request repeatedly made by the Metropolitan Police. During the session, MPs expressed frustration over what they perceived as resistance from the tech giants, suggesting commercial incentives may be influencing their stance. Apple and Google, however, argued that such measures could introduce new fraud risks, including account takeovers and blackmail attempts.

**The Scale of the Problem** The Met Police reported a sharp rise in smartphone thefts, with 80,000 devices stolen in London in 2024, up from 64,000 in 2023. Apple devices account for roughly 80% of stolen phones, with an estimated annual replacement value of £50 million ($67 million). Most stolen devices are funneled through criminal networks and resold abroad, primarily in Algeria, China, and Hong Kong.

**Current Limitations** While the GSMA industry association allows stolen phones to be blocked at a network level using their IMEI (International Mobile Equipment Identity) numbers, this only covers about 10% of global networks. The Met Police has proposed an international cloud-level block, where reported stolen devices would be barred from accessing Apple or Google services. Security experts argue this could drastically reduce resale value and theft incentives.

**Industry Responses** Apple’s Gary Davis acknowledged the risks of IMEI-based blocking, citing concerns over fraud vectors, including impersonation attacks that could lead to account deletions or blackmail. Google’s Simon Wingrove noted that Android devices can already be locked or wiped via the *Find My Device* app, but it remains unclear whether this prevents stolen phones from being reused with new accounts.

**Potential Solutions** Dion Price, CEO of Trustonic, a company that provides remote locking for supply chain distributors, suggested a government-regulated system using IMEI data already collected for trade and tax purposes. Such a system could enable near-instant global locking of stolen devices, but only if phones are registered at first activation. The debate highlights the tension between security, user protection, and commercial interests as lawmakers push for stronger anti-theft measures.

GSF Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months: incident predictions locked (available with the Monitoring Plan)

A.I Risk Score Likelihood 3 - 6 - 9 months: A.I. risk score predictions locked (available with the Monitoring Plan)

Underwriter Stats for GSF

Incidents vs Telecommunications Industry Average (This Year)

GSMA - Security and Fraud has 21.95% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

GSMA - Security and Fraud has 28.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types GSF vs Telecommunications Industry Avg (This Year)

GSMA - Security and Fraud reported 1 incident this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — GSF (X = Date, Y = Severity)

GSF cyber incidents detection timeline including parent company and subsidiaries

GSF Company Subsidiaries

No subsidiaries are recorded for this company.

GSF Similar Companies

Vodafone

At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people's lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live, we protect the planet a

Telemont

Founded in 1975, Telemont Engenharia de Telecomunicações S/A is a leader in the deployment, maintenance and operation of telecommunications networks. The company operates 7.7 million voice lines, 3 million ADSL and data lines and 63 thousand km of optical fibre. Through Telemont I

Jazz

Pakistan’s number one digital operator and the largest internet and broadband service provider with over 70 million subscribers nationwide. With a legacy of more than 27 years, Jazz maintains market leadership through cutting-edge, integrated technology, the strongest brands and the largest portfoli

Huawei

Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains – telecom networks, IT, smart devices, and cloud services – we are committed to bringing digital to every person, home and organi

Axiata

AXIATA GROUP BERHAD 242188-H (199201010685) In pursuit of its vision to be The Next Generation Digital Champion, Axiata is a diversified telecommunications and digital conglomerate operating Digital Telcos, Digital Businesses and Infrastructure businesses across a footprint spanning ASEAN and Sout

Lumen Technologies

Lumen connects the world. We digitally connect people, data and applications – quickly, securely and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security, and managed service capabilities, we

Totalplay

We are a proudly Mexican company, a leader in technology, telecommunications and entertainment. We are always at the forefront, with the goal of bringing our customers the best in connectivity, whether to stay close to those they love most or to achieve professional success

Globe Telecom

Globe is a leading full-service telecommunications company in the Philippines and publicly listed in the PSE with the stock symbol GLO. The company serves the telecommunications and technology needs of consumers and businesses across an entire suite of products and services including mobile, fixed,

TIM Brasil

TIM is the fastest-growing mobile operator in Brazil. It currently has more than 13 thousand employees across the country delivering innovative, high-quality services in mobile telephony, fixed-line and broadband internet. It is a company made of creative people, with real energy


GSF CyberSecurity News

December 22, 2025 06:48 AM
Asia's Telecom Titans Rise to Meet Cybersecurity Challenges: A Dive into 5G Security and Fraud Prevention

As the telecommunications sector in Asia rapidly moves towards 5G technology, cloud-native architectures, and digital services,...

December 19, 2025 07:05 AM
Securing the Network: Asia’s Telcos Tackle Cybersecurity Challenges

Asia's telecom operators face escalating cyber threats as 5G and digital services expand. Explore how regulations, AI-powered security,...

December 17, 2025 04:50 AM
Turbocharging Indonesia's Digital Journey: GSMA Calls for Heightened Investment in 5G and AI Technologies

The GSMA has highlighted the need for a more robust, investment-focused strategy to expedite Indonesia's digital transformation and...

November 27, 2025 08:00 AM
Fragmented Cybersecurity Regulation is Raising Costs and Increasing Risk for Mobile Operators: GSMA Report

The mobile industry, supported by the GSMA, calls for harmonised, risk-based and collaborative policy frameworks to strengthen global cyber...

November 04, 2025 08:00 AM
PLDT Enterprise and Nabstract Partner to Strengthen Digital Security

PLDT Enterprise and Nabstract partnered to enhance digital security with SmartSafe SilentAccess, offering real-time authentication, fraud...

November 03, 2025 01:21 AM
Dutch Telcos Partner with GSMA Open Gateway to Combat Online Fraud Using CAMARA APIs

Together, KPN, Odido and Vodafone have taken an important step in strengthening digital security and combating online fraud by launching innovative,...

October 14, 2025 07:00 AM
$500 bn B2B Opportunity for Telecom Operators: GSMA Highlights Enterprise Digital Transformation Market Growth

GSMA Intelligence estimates a $500 billion opportunity for telecom operators from the enterprise digital transformation market.

October 01, 2025 07:00 AM
Mobile Scam Threat Grows as GSMA Urges Telco Action

Mobile scam cases rise across ASEAN, with the GSMA urging telecom providers to step up as consumer trust in digital channels begins to...

September 25, 2025 07:00 AM
United defense: Malaysian telcos to create federated API service to secure number verification

Malaysian operators plan to launch a federated network service through the GSMA Open Gateway initiative to combat fraud and digital identity...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

GSF CyberSecurity History Information

Official Website of GSMA - Security and Fraud

The official website of GSMA - Security and Fraud is https://www.gsma.com/security/.

GSMA - Security and Fraud’s AI-Generated Cybersecurity Score

According to Rankiteo, GSMA - Security and Fraud’s AI-generated cybersecurity score is 712, reflecting their Moderate security posture.

How many security badges does GSMA - Security and Fraud have?

According to Rankiteo, GSMA - Security and Fraud currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does GSMA - Security and Fraud have SOC 2 Type 1 certification ?

According to Rankiteo, GSMA - Security and Fraud is not certified under SOC 2 Type 1.

Does GSMA - Security and Fraud have SOC 2 Type 2 certification ?

According to Rankiteo, GSMA - Security and Fraud does not hold a SOC 2 Type 2 certification.

Does GSMA - Security and Fraud comply with GDPR ?

According to Rankiteo, GSMA - Security and Fraud is not listed as GDPR compliant.

Does GSMA - Security and Fraud have PCI DSS certification ?

According to Rankiteo, GSMA - Security and Fraud does not currently maintain PCI DSS compliance.

Does GSMA - Security and Fraud comply with HIPAA ?

According to Rankiteo, GSMA - Security and Fraud is not compliant with HIPAA regulations.

Does GSMA - Security and Fraud have ISO 27001 certification ?

According to Rankiteo, GSMA - Security and Fraud is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of GSMA - Security and Fraud

GSMA - Security and Fraud operates primarily in the Telecommunications industry.

Number of Employees at GSMA - Security and Fraud

The number of employees at GSMA - Security and Fraud is not available.

Subsidiaries Owned by GSMA - Security and Fraud

GSMA - Security and Fraud presently has no subsidiaries across any sectors.

GSMA - Security and Fraud’s LinkedIn Followers

GSMA - Security and Fraud’s official LinkedIn profile has approximately 2,304 followers.

NAICS Classification of GSMA - Security and Fraud

GSMA - Security and Fraud is classified under the NAICS code 517, which corresponds to Telecommunications.

GSMA - Security and Fraud’s Presence on Crunchbase

No, GSMA - Security and Fraud does not have a profile on Crunchbase.

GSMA - Security and Fraud’s Presence on LinkedIn

Yes, GSMA - Security and Fraud maintains an official LinkedIn profile, used for branding and talent engagement, at https://www.linkedin.com/company/gsma-security-and-fraud.

Cybersecurity Incidents Involving GSMA - Security and Fraud

As of December 24, 2025, Rankiteo reports that GSMA - Security and Fraud has experienced 1 recorded cybersecurity incident. Note that this record is a policy and compliance issue (a UK parliamentary hearing in which GSMA's IMEI-based blocking was discussed); the affected entities listed for it are Apple and Google, not GSMA itself.

Number of Peer and Competitor Companies

GSMA - Security and Fraud has an estimated 9,766 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at GSMA - Security and Fraud ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

What was the total financial impact of these incidents on GSMA - Security and Fraud ?

Total Financial Loss: The total financial loss attributed to these incidents is £50 million ($67 million), the estimated annual replacement value of phones stolen in London. This is a London-wide theft estimate, not a loss incurred by GSMA.

How does GSMA - Security and Fraud detect and respond to cybersecurity incidents ?

Detection and Response: The recorded response consists of third-party assistance from Trustonic (which provides locking technology for smartphones), law enforcement involvement (the Metropolitan Police engaged with Apple and Google), and a communication strategy of public statements by Apple and Google to the UK Parliament.

Incident Details

Can you provide details on each incident ?

Incident : Policy and Compliance Issue

Title: UK Legislators Question Apple and Google Over Lack of Smartphone Theft Protections

Description: UK Members of Parliament expressed concerns that Apple and Google have not implemented measures to remotely lock, reset, and block stolen smartphones from accessing cloud services, as requested by the Metropolitan Police. The tech companies cited potential fraud vectors and commercial incentives as reasons for their reluctance.

Type: Policy and Compliance Issue

Threat Actor: Criminal gangs

Motivation: Financial gain through resale of stolen devices

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

Impact of the Incidents

What was the impact of each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Financial Loss: £50 million ($67 million) annual replacement value of stolen phones in London

Systems Affected: Smartphones (primarily Apple iPhones)

Operational Impact: Traumatic disconnection for users, potential data access by criminals

Brand Reputation Impact: Potential reputational damage to Apple and Google due to perceived inaction

Identity Theft Risk: Potential risk if data is accessed by criminals

What is the average financial loss per incident ?

Average Financial Loss: With a single recorded incident, the average equals the total: £50 million ($67 million).

Which entities were affected by each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Entity Name: Apple

Entity Type: Technology Company

Industry: Consumer Electronics and Software

Location: Global (UK affected)

Size: Large

Customers Affected: Approximately 64,000-80,000 stolen Apple phones in London (2023-2024)

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Entity Name: Google

Entity Type: Technology Company

Industry: Consumer Electronics and Software

Location: Global (UK affected)

Size: Large

Customers Affected: Unknown number of stolen Android phones in London

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Third Party Assistance: Trustonic (provides locking technology for smartphones)

Law Enforcement Notified: Metropolitan Police engaged with Apple and Google

Communication Strategy: Public statements by Apple and Google to UK Parliament

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Trustonic (provides locking technology for smartphones).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Sensitivity of Data: Potential access to cloud services (e.g., Google Photos, Drive, Gmail, Apple iCloud)

Personally Identifiable Information: Potential risk if cloud data is accessed

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Lessons Learned: Need for collaboration between tech companies, law enforcement, and regulators to address smartphone theft and resale. Potential for IMEI-based blocking systems to reduce theft incentives.

What recommendations were made to prevent future incidents ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Recommendations: Implement an international cloud-level blocking system for stolen smartphones using IMEI numbers; establish a regulatory or government body to oversee smartphone registration and locking mechanisms; enhance fraud detection to prevent misuse of IMEI-based blocking systems; improve coordination between tech companies, law enforcement, and telecom providers to track and block stolen devices.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Need for collaboration between tech companies, law enforcement, and regulators to address smartphone theft and resale. Potential for IMEI-based blocking systems to reduce theft incentives.

References

Where can I find more information about each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Source: The Register

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Source: UK House of Commons Science, Innovation and Technology Committee

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the sources cited above: The Register and the UK House of Commons Science, Innovation and Technology Committee.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Investigation Status: Ongoing (policy discussion and technical evaluation)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public statements by Apple and Google to UK Parliament.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Stakeholder Advisories: UK Parliament committee urging Apple and Google to implement IMEI-based blocking for stolen devices.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisory to stakeholders and customers following an incident: the UK Parliament committee urging Apple and Google to implement IMEI-based blocking for stolen devices.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Policy and Compliance Issue GOOGSMDC-APP1766375619

Root Causes: Lack of a standardized IMEI-based blocking system for cloud services; potential commercial incentives for tech companies (e.g., revenue from cloud services and replacement devices); fraud risks associated with IMEI spoofing or misuse.

Corrective Actions: Evaluate the feasibility of IMEI-based cloud blocking with fraud prevention measures; explore regulatory or government-led solutions for smartphone registration and locking; improve collaboration between tech companies, law enforcement, and telecom providers.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: No post-incident analysis process of the company's own is described; the only related record is the third-party assistance from Trustonic (which provides locking technology for smartphones).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: evaluate the feasibility of IMEI-based cloud blocking with fraud prevention measures; explore regulatory or government-led solutions for smartphone registration and locking; improve collaboration between tech companies, law enforcement, and telecom providers.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was criminal gangs.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was £50 million ($67 million) annual replacement value of stolen phones in London.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Trustonic (provides locking technology for smartphones).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Need for collaboration between tech companies, law enforcement, and regulators to address smartphone theft and resale. Potential for IMEI-based blocking systems to reduce theft incentives.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The recommendations recorded for improving cybersecurity are: improve coordination between tech companies, law enforcement, and telecom providers to track and block stolen devices; enhance fraud detection to prevent misuse of IMEI-based blocking systems; implement an international cloud-level blocking system for stolen smartphones using IMEI numbers; and establish a regulatory or government body to oversee smartphone registration and locking mechanisms.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are The Register and the UK House of Commons Science, Innovation and Technology Committee.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (policy discussion and technical evaluation).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was the UK Parliament committee urging Apple and Google to implement IMEI-based blocking for stolen devices.

Latest Global CVEs (Not Company-Specific)

Description: Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in versions 3.26.2 and 4.1.2.

Risk Information: CVSS v3.1 base score 5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description: KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3.

Risk Information: CVSS v4.0 base score 8.2 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description: Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.

Risk Information: CVSS v3.1 base score 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description: Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Risk Information: CVSS v3.1 base score 6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Description: An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri response exposes RTSP URIs containing hardcoded credentials, enabling direct unauthorized access to the video stream.

Risk Information: CVSS v3.1 base score 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
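The KEDA entry in the CVE list above is an instance of a common class: a file path taken from a user-controlled resource is read without confirming that it stays inside the directory the operator intended. The following is an added example, not KEDA's code and not drawn from the page, of how a loader of that kind is hardened. It assumes a hypothetical token loader (resolve_token_path / load_token) that reads a service-account token from a path supplied in an untrusted spec field, and that the only legitimate location is a single allowlisted directory (allowed_root); the file contents and directory layout in demo() are constructed for the demonstration.

```python
"""Hardened path handling for a token file whose location comes from an
untrusted resource (the vulnerability class in the KEDA entry above).

Added example, not KEDA's code.  It assumes a hypothetical loader that reads a
service-account token from a path supplied in a user-controlled spec field and
that the only legitimate location is a single allowlisted directory.
"""
import os
import tempfile
from pathlib import Path


class TokenPathError(ValueError):
    """Raised when a requested token path is not acceptable."""


def resolve_token_path(requested: str, allowed_root: str) -> Path:
    """Return the canonical path of `requested` only if it lies under allowed_root.

    Symlinks and '..' are resolved before the containment check, so both
    traversal ('../node-secret') and symlink escapes are rejected.  The check
    compares path components, not string prefixes, so a sibling directory such
    as '/var/run/tokens-evil' cannot pass for a root of '/var/run/tokens'.
    """
    root = Path(allowed_root).resolve(strict=True)
    if not os.path.isabs(requested):
        raise TokenPathError("token path must be absolute")
    candidate = Path(requested).resolve(strict=False)
    try:
        candidate.relative_to(root)
    except ValueError:
        raise TokenPathError(f"{requested!r} escapes {allowed_root!r}") from None
    if not candidate.is_file():
        raise TokenPathError(f"{requested!r} is not a regular file")
    return candidate


def load_token(requested: str, allowed_root: str) -> str:
    """Read the token only after the path has passed resolve_token_path()."""
    return resolve_token_path(requested, allowed_root).read_text(encoding="utf-8").strip()


def demo() -> dict:
    """Exercise the loader against constructed files in a temporary directory.

    Returns a mapping of case name to the token read ('legit') or to
    'REJECTED' / 'ALLOWED' for each of the four escape attempts.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tokens"
        root.mkdir()
        (root / "vault-sa").write_text("constructed-sa-token\n")   # the legitimate token (constructed)
        outside = Path(tmp) / "node-secret"                         # stands in for /etc/passwd (constructed)
        outside.write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "escape-link").symlink_to(outside)                  # symlink inside root pointing outside it
        (Path(tmp) / "tokens-evil").mkdir()
        (Path(tmp) / "tokens-evil" / "x").write_text("sibling\n")   # string-prefix trap

        attempts = {
            "traversal": str(root / ".." / "node-secret"),
            "symlink": str(root / "escape-link"),
            "prefix": str(Path(tmp) / "tokens-evil" / "x"),
            "relative": "tokens/vault-sa",
        }
        results = {"legit": load_token(str(root / "vault-sa"), str(root))}
        for name, path in attempts.items():
            try:
                load_token(path, str(root))
                results[name] = "ALLOWED"
            except TokenPathError:
                results[name] = "REJECTED"
        return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} {outcome}")
```

The order of the checks matters: the path is canonicalised first (so a symlink planted inside the allowed directory cannot point out of it), the containment test is done on resolved components rather than with a string prefix, and only a regular file is read. Anything the loader reads and then forwards to a remote service, as the Vault authentication request in the KEDA entry does, should be gated this way, because the remote side turns an arbitrary read into an exfiltration channel.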

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gsma-security-and-fraud' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.