header-logo
Suggest Exploit
vendor:
IP Camera
by:
icekam,xiao13,Rainbow,tfsec
7,5
CVSS
HIGH
Unauthorized access to RTSP
287
CWE
Product Name: IP Camera
Affected Version From: Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, TN540
Affected Version To: Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, TN540
Patch Exists: YES
Related CWE: CVE-2021-40379
CPE: h:compro_technology:ip_camera
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=40379https://www.infosecmatter.com/nessus-plugin-library/?id=43835https://www.infosecmatter.com/nessus-plugin-library/?id=43840https://www.infosecmatter.com/nessus-plugin-library/?id=31772https://www.infosecmatter.com/nessus-plugin-library/?id=29856https://www.infosecmatter.com/nessus-plugin-library/?id=63854https://www.infosecmatter.com/nessus-plugin-library/?id=60440https://www.infosecmatter.com/nessus-plugin-library/?id=41210https://www.infosecmatter.com/nessus-plugin-library/?id=43837https://www.infosecmatter.com/nessus-plugin-library/?id=29872
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2021

Compro Technology IP Camera – RTSP stream disclosure (Unauthenticated)

Some devices have unauthorized access to rstp, which can lead to the leakage of surveillance video stream information.

Mitigation:

Ensure that all RTSP streams are properly authenticated and access is restricted to authorized users.
Source

Exploit-DB raw data:

# Exploit Title: Compro Technology IP Camera - RTSP stream disclosure (Unauthenticated)
# Date: 2021-09-30
# Exploit Author: icekam,xiao13,Rainbow,tfsec
# Software Link: http://www.comprotech.com.hk/
# Version: Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, TN540
# CVE : CVE-2021-40379

Some devices have unauthorized access to rstp, which can lead to the
leakage of surveillance video stream information.

Payload:rstp://.../medias2

please refer to:
https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-vulnerabilities.md

Navigation

Suggest Exploit

Services By CQR