The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
The web interface
Exploit
CVE-2015-6970
NVD
Refer to CVE-2015-6970 NVD advisory