Lucene search
Dsclee1PACKETSTORM:171540HistoryMar 28, 2023 - 12:00 a.m.
Tapo C310 RTSP Server 1.3.0 Unauthorized Video Stream Access
2023-03-2800:00:00
dsclee1
packetstormsecurity.com
118
tapo c310
rtsp server
unauthorized access
default credentials
cve-2022-37255
video stream
0.013 Low
EPSS
Percentile
86.2%
`# Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access
# Date: 19th July 2022
# Exploit Author: dsclee1
# Vendor Homepage: tp-link.com
# Software Link: http://download.tplinkcloud.com/firmware/Tapo_C310v1_en_1.3.0_Build_220328_Rel.64283n_u_1649923652150.bin
# Version: 1.3.0
# Tested on: Linux β running on camera
# CVE : CVE-2022-37255
These Tapo cameras work via an app. There is a facility on the app to set up a βCamera Accountβ, which adds user details for the RTSP server. Unfortunately if you donβt set up the user details on versions 1.3.0 and below there are default login details. I sourced these from the βcetβ binary on the camera.
You can gain unauthorised access to the RTSP stream using the following user details:
User: ---
Password: TPL075526460603
`
Related
nvd
nvd
CVE-2022-37255
2023-04-16 02:15:08
cvelist
cvelist
CVE-2022-37255
2023-04-16 00:00:00
cve
cve
CVE-2022-37255
2023-04-16 02:15:08
prion
prion
Default credentials
2023-04-16 02:15:00
zdt
zdt
exploitdb
exploitdb
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
2023-03-28 00:00:00