115 matches found
UBUNTU-CVE-2019-7314
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact...
UPDATE: Cameradar v3.0.1
My initial post covering this open source Real Time Streaming Protocol (RTSP) surveillance camera access multi-tool was about an older version. A lot has happened since then and an update, Cameradar v3.0.1, was recently made available by the author. In actuality, this post...
curl: RTSP RTP buffer over-read
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...
Foscam Opticam i5 Denial of Service Vulnerability (CNVD-2018-22817)
Foscam Opticam i5 is an IP camera from FOSCAM. A denial of service vulnerability exists in RtspServer in the Foscam Opticam i5 with system firmware 1.5.2.11 and application firmware 2.21.1.128. A remote attacker can exploit this vulnerability to cause a denial of service (daemon hang or restart) vi...
CVE-2018-19076
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication...
PT-2018-16250 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: The issue arises from the device's incorrect handling of spaces in the URL field of the smart cameras RTSP configuration, leading to an arbitrary operating system command...
ALPINE-CVE-2018-1000301
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have...
DEBIAN-CVE-2018-1000122
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...
UBUNTU-CVE-2018-1000122
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...
UBUNTU-CVE-2017-15190
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable...
DEBIAN-CVE-2017-15190
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable...
Remote Exploitation of the NeoCoolcam IP Cameras and Gateway
Foreword The Internet of Connected Things has become a massive phenomenon during the past few years and will continue to grow at an incredible pace. More than 26 billion smart devices will be on the market by 2020, Gartner estimates. We’re looking at an explosive growth, as IoT opportunities...
TP-LINK NC250 Certification Bypass Vulnerability
TP-Link NC250 is a network camera product from China P&L TP-LINK. An authentication bypass vulnerability exists in the TP-LINK NC250. An attacker can use the rtsp://admin@yourip:554/h264hd.sdp URL to view video and audio without authorization...
The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the accessibility of protected information.
An off-by-one error in the is_rtsp_request_or_reply function in the epan/dissectors/packet-rtsp.c file of the RTSP dissector in Wireshark allows malicious actors operating remotely to trigger a service failure (abrupt termination of the application's operation) by using a specially crafted packet th...
Juniper Junos RTSP Packet Handling flowd DoS (JSA10721)
According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to a flaw in the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) implementation. An unauthenticated, remote attacker can exploit this, via a crafted RT...
Juniper Junos OS Denial of Service Vulnerability
Juniper Networks is a network communications equipment company that supplies IP networking and information security solutions. Juniper Junos OS with RTSP ALG enabled can cause a process crash when processing certain constructed RTSP packets, resulting in a denial of service (flowd crash)...
Input validation
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) v...
CVE-2016-1262
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) v...
wireshark: RTSP dissector crash (wnpa-sec-2014-17)
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token...
Apple Streaming Protocol Client
Binary data 8233.prm...