Lucene search
K

78 matches found

Vulnrichment
Vulnrichment
added 2024/10/04 12:46 p.m.13 views

CVE-2024-47790 Missing Authorization Vulnerability

UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol RTSP version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed...

8.7CVSS6.5AI score0.00492EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/23 12:0 a.m.7 views

EZVIZ CS-CV246 安全漏洞

EZVIZ CS-CV246 is a wireless camera from China Fluorite EZVIZ. A security vulnerability exists in EZVIZ CS-CV246 version V5.3.0 build 191225, which originates from allowing an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that c...

9.8CVSS6.7AI score0.00567EPSS
Exploits1References3
NVD
NVD
added 2024/01/12 4:15 p.m.14 views

CVE-2023-28898

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

5.3CVSS5.2AI score0.00231EPSS
Exploits0References1
Prion
Prion
added 2024/01/12 4:15 p.m.13 views

Design/Logic Flaw

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

1.8CVSS7.1AI score0.00231EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/12 4:4 p.m.34 views

CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

5.3CVSS5.5AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2024/01/12 4:4 p.m.57 views

CVE-2023-28898

The CVE-2023-28898 issue involves the Real-Time Streaming Protocol (RTSP) in the MIB3 infotainment system of the Škoda Superb III (3V3) 2.0 TDI (2022). The RTSP implementation improperly handles requests to the /logs URI when the id parameter is zero, enabling a connected attacker on the in-vehic...

5.3CVSS5.2AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/12 4:4 p.m.20 views

CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.5 views

PT-2024-1092 · D Link · D-Link Dcs-8300Lhv2

Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 affected versions not specified Description: The issue is related to a buffer overflow in the RTSP server of D-Link DCS-8300LHV2 IP cameras, allowing remote attackers to execute arbitrary code on affected installations. Th...

8.8CVSS8.1AI score0.01315EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.6 views

SUSE CVE-2009-4248

Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and...

9.3CVSS8.2AI score0.06835EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.5 views

SUSE CVE-2021-38381

Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash...

6.5CVSS6.9AI score0.0119EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/11/16 12:0 a.m.13 views

The vulnerability of the RTSP-based microprogramming software for IP cameras such as VPort P16-1MP-M12, VPort P16-1MP-M12-IR, and VPort P06-1MP-M12 allows a intruder to cause a service failure.

The vulnerability of the RTSP microprogramming software-based IP camera models VPort P16-1MP-M12, VPort P16-1MP-M12-IR, and VPort P06-1MP-M12 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to cause a service failur...

7.8CVSS5.5AI score
Exploits0References2Affected Software3
OSV
OSV
added 2022/05/05 5:15 p.m.5 views

CVE-2022-28691

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol RTSP profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic...

7.5CVSS5.8AI score0.00868EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.28 views

F5 Networks BIG-IP : BIG-IP RTSP profile vulnerability (K37155600)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K37155600 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1...

7.5CVSS7.5AI score0.00868EPSS
Exploits0References2
OSV
OSV
added 2021/09/01 6:15 p.m.3 views

CVE-2021-40379

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization...

7.5CVSS7.1AI score0.21631EPSS
Exploits3References2
OSV
OSV
added 2021/08/10 6:15 p.m.4 views

UBUNTU-CVE-2021-38382

Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash...

6.5CVSS5.8AI score0.0119EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2021/02/16 4:50 p.m.201 views

Misconfigured Baby Cams Allow Unauthorized Viewing

A vulnerability affecting multiple baby monitors could allow someone to drop in and view a camera’s video stream, according to researchers. Potentially hundreds of thousands of live devices are impacted, they said. The issue exists in the manufacturers’ implementation of the Real-Time Streaming...

7AI score
Exploits0References6
OSV
OSV
added 2019/04/23 8:32 p.m.5 views

CVE-2019-10711

Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware until Webware version V1.0.1 allows attackers to view an RTSP stream by connecting to the stream with hidden credentials guest or user that are neither displayed nor configurable in the...

7.5CVSS7.2AI score0.01408EPSS
Exploits0References1
OSV
OSV
added 2019/02/04 2:29 a.m.8 views

UBUNTU-CVE-2019-7314

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash Segmentation fault or possibly have unspecified other impact...

9.8CVSS7.2AI score0.03192EPSS
Exploits0References5
pentestit
pentestit
added 2019/01/30 1:7 a.m.94 views

UPDATE: Cameradar v3.0.1

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...

1.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/11/13 8:36 a.m.8 views

curl: RTSP RTP buffer over-read

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...

9.1CVSS7.6AI score0.09393EPSS
Exploits0References5
Rows per page
Query Builder