Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access

vendor:

by:

dsclee1

7.5

CVSS

HIGH

Unauthorised Video Stream Access

CWE

Product Name:

Affected Version From: 1.3.0 and below

Affected Version To:

Patch Exists: NO

Related CWE: CVE-2022-37255

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux

2022

Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access

These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately if you don’t set up the user details on versions 1.3.0 and below there are default login details. I sourced these from the “cet” binary on the camera.You can gain unauthorised access to the RTSP stream using the following user details:User: ---Password: TPL075526460603

Mitigation:

Set up user details for the RTSP server to prevent unauthorised access. Update to a version above 1.3.0 to avoid default login details.

Source

Exploit-DB raw data:

# Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access
# Date: 19th July 2022
# Exploit Author: dsclee1
# Vendor Homepage: tp-link.com
# Software Link: http://download.tplinkcloud.com/firmware/Tapo_C310v1_en_1.3.0_Build_220328_Rel.64283n_u_1649923652150.bin
# Version: 1.3.0
# Tested on: Linux – running on camera
# CVE : CVE-2022-37255

These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately if you don’t set up the user details on versions 1.3.0 and below there are default login details. I sourced these from the “cet” binary on the camera.

You can gain unauthorised access to the RTSP stream using the following user details:

User: ---

Password: TPL075526460603