127 matches found
PT-2024-34606 · Lsc · Lsc Smart Connect Indoor Ip Camera
Name of the Vulnerable Software and Affected Versions: LSC Smart Connect Indoor IP Camera version 7.6.32 Description: The issue allows unauthorized access to live camera footage through the RTSP protocol on port 8554 without requiring authentication, potentially compromising user privacy and...
SUSE CVE-2024-44331
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests...
CVE-2024-47790
CVE-2024-47790 affects D3D Security IP Camera D8801; root cause is use of an insecure RTSP version for live video streaming, allowing a remote attacker to craft RTSP packets to gain unauthorized access to the live feed. The devices are noted as no longer supported by the maintainer, and no specif...
CVE-2024-47790 Missing Authorization Vulnerability
UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol RTSP version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed...
CVE-2024-47790 Missing Authorization Vulnerability
UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol RTSP version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed...
D3D Security IP Camera 安全漏洞
D3D Security IP Camera is a series of cameras from D3D Security. A security vulnerability exists in the D3D Security IP Camera that stems from the use of an insecure version of the Live Streaming Protocol for live video streaming, resulting in unauthorized access to real-time information on the...
PT-2024-32300 · Runofast · Runofast Indoor Security Camera For Baby Monitor
Name of the Vulnerable Software and Affected Versions: runofast Indoor Security Camera for Baby Monitor affected versions not specified Description: The issue concerns a default password set as password for the root account, allowing unauthorized access to the "/stream1" URI via the rtsp://...
EZVIZ CS-CV246 安全漏洞
EZVIZ CS-CV246 is a wireless camera from China Fluorite EZVIZ. A security vulnerability exists in EZVIZ CS-CV246 version V5.3.0 build 191225, which originates from allowing an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that c...
PT-2024-28465 · Synology · Synology Camera Firmware
Name of the Vulnerable Software and Affected Versions: Synology Camera Firmware versions prior to 1.0.7-0298 Description: A vulnerability in the RTSP functionality allows man-in-the-middle attackers to bypass authentication and obtain privileges without consent via unspecified vectors. This issue...
CVE-2023-51624
D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to...
The vulnerability of the RTSP server of D-Link’s DCS-8300LHV2 wireless camera software allows a intruder to execute arbitrary code.
The vulnerability of the RTSP server of D-Link’s DCS-8300LHV2 wireless camera software lies in the reading of data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-28898
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
Design/Logic Flaw
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
CVE-2023-28898
The CVE-2023-28898 issue involves the Real-Time Streaming Protocol (RTSP) in the MIB3 infotainment system of the Škoda Superb III (3V3) 2.0 TDI (2022). The RTSP implementation improperly handles requests to the /logs URI when the id parameter is zero, enabling a connected attacker on the in-vehic...
CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...
Skoda Security Breach
Skoda is a line of automobiles from Skoda. A security vulnerability exists in the Skoda Superb III 3V3 version 2.0 TDI that stems from the Real-Time Streaming Protocol not properly handling requests for the /logs URI, allowing an attacker to launch a denial-of-service DOS attack on the infotainme...
PT-2024-1092 · D Link · D-Link Dcs-8300Lhv2
Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 affected versions not specified Description: The issue is related to a buffer overflow in the RTSP server of D-Link DCS-8300LHV2 IP cameras, allowing remote attackers to execute arbitrary code on affected installations. Th...
Tenda CP3 信任管理问题漏洞
Tenda CP3 is a smart camera from Tenda China. A security vulnerability exists in Tenda CP3 version V11.10.00.2211041355, which stems from the device containing a hardcoded default password for RTSP mentions...
SUSE CVE-2008-0225
Heap-based buffer overflow in the rmffdumpcont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmffdumpheader function and related to disregarding the max field. NOTE...