Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

CVE-2025-66049

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

iCam365 P201和iCam365 QC021 访问控制错误漏洞

The iCam365 P201 and iCam365 QC021 are both a network surveillance camera from the Chinese company iCam365. An access control error vulnerability exists in the iCam365 P201 and iCam365 QC021 that stems from the product allowing unauthenticated access to the RTSP service, which could lead to...

EUVD-2020-30170

Malware in sbrugna...

EUVD-2017-17357

Malware in sbrugna...

CVE-2025-30135

An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings. By connecting to...

CVE-2025-30135

CVE-2025-30135 concerns the IROAD Dashcam FX2, which reportedly exposes unauthenticated HTTP and RTSP interfaces. The description states lack of authentication allows an attacker to download all stored video recordings by connecting to http://192.168.10.1/mnt/extsd/event/ and to view live footage...

CVE-2025-30112

The CVE-2025-30112 entry concerns the 70mai Dash Cam 1S. The available connected sources describe a network-accessible bypass of the official mobile-app authorization by directly connecting to the device’s network and accessing the API on port 80 and RTSP on port 554. The root cause is an inadequ...

CVE-2022-37255

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603...

CVE-2020-9349

The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password...

Foscam camera Web UI Account Non-Random Default Credentials Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. A non-random default credentials vulnerability exists in the Foscam camera web user interface account. The device uses admin blank non-random default credentials to acces...