Lucene search
K

127 matches found

Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.4 views

PT-2024-34606 · Lsc · Lsc Smart Connect Indoor Ip Camera

Name of the Vulnerable Software and Affected Versions: LSC Smart Connect Indoor IP Camera version 7.6.32 Description: The issue allows unauthorized access to live camera footage through the RTSP protocol on port 8554 without requiring authentication, potentially compromising user privacy and...

6.5CVSS6.9AI score0.00295EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/10/29 4:19 a.m.2 views

SUSE CVE-2024-44331

Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests...

7.5CVSS6.8AI score0.00658EPSS
Exploits0References3
CVE
CVE
added 2024/10/04 12:46 p.m.51 views

CVE-2024-47790

CVE-2024-47790 affects D3D Security IP Camera D8801; root cause is use of an insecure RTSP version for live video streaming, allowing a remote attacker to craft RTSP packets to gain unauthorized access to the live feed. The devices are noted as no longer supported by the maintainer, and no specif...

8.7CVSS6.5AI score0.00472EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/04 12:46 p.m.12 views

CVE-2024-47790 Missing Authorization Vulnerability

UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol RTSP version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed...

8.7CVSS6.5AI score0.00472EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/04 12:46 p.m.21 views

CVE-2024-47790 Missing Authorization Vulnerability

UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol RTSP version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed...

8.7CVSS0.00472EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.5 views

D3D Security IP Camera 安全漏洞

D3D Security IP Camera is a series of cameras from D3D Security. A security vulnerability exists in the D3D Security IP Camera that stems from the use of an insecure version of the Live Streaming Protocol for live video streaming, resulting in unauthorized access to real-time information on the...

8.7CVSS6.3AI score0.00472EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/18 12:0 a.m.6 views

PT-2024-32300 · Runofast · Runofast Indoor Security Camera For Baby Monitor

Name of the Vulnerable Software and Affected Versions: runofast Indoor Security Camera for Baby Monitor affected versions not specified Description: The issue concerns a default password set as password for the root account, allowing unauthorized access to the "/stream1" URI via the rtsp://...

6.5CVSS7.5AI score0.00229EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/23 12:0 a.m.7 views

EZVIZ CS-CV246 安全漏洞

EZVIZ CS-CV246 is a wireless camera from China Fluorite EZVIZ. A security vulnerability exists in EZVIZ CS-CV246 version V5.3.0 build 191225, which originates from allowing an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that c...

9.8CVSS6.7AI score0.00567EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.5 views

PT-2024-28465 · Synology · Synology Camera Firmware

Name of the Vulnerable Software and Affected Versions: Synology Camera Firmware versions prior to 1.0.7-0298 Description: A vulnerability in the RTSP functionality allows man-in-the-middle attackers to bypass authentication and obtain privileges without consent via unspecified vectors. This issue...

7.5CVSS7.3AI score0.00668EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:16 a.m.1 views

CVE-2023-51624

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to...

8.8CVSS6.4AI score0.01315EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/17 12:0 a.m.6 views

The vulnerability of the RTSP server of D-Link’s DCS-8300LHV2 wireless camera software allows a intruder to execute arbitrary code.

The vulnerability of the RTSP server of D-Link’s DCS-8300LHV2 wireless camera software lies in the reading of data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.8CVSS8.2AI score0.01315EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/01/12 4:15 p.m.13 views

CVE-2023-28898

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

5.3CVSS5.2AI score0.00231EPSS
Exploits0References1
Prion
Prion
added 2024/01/12 4:15 p.m.13 views

Design/Logic Flaw

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

1.8CVSS7.1AI score0.00231EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/12 4:4 p.m.33 views

CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

5.3CVSS5.5AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2024/01/12 4:4 p.m.56 views

CVE-2023-28898

The CVE-2023-28898 issue involves the Real-Time Streaming Protocol (RTSP) in the MIB3 infotainment system of the Škoda Superb III (3V3) 2.0 TDI (2022). The RTSP implementation improperly handles requests to the /logs URI when the id parameter is zero, enabling a connected attacker on the in-vehic...

5.3CVSS5.2AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/12 4:4 p.m.19 views

CVE-2023-28898 Head Unit Denial-of-Service via Apple CarPlay service

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/12 12:0 a.m.3 views

Skoda Security Breach

Skoda is a line of automobiles from Skoda. A security vulnerability exists in the Skoda Superb III 3V3 version 2.0 TDI that stems from the Real-Time Streaming Protocol not properly handling requests for the /logs URI, allowing an attacker to launch a denial-of-service DOS attack on the infotainme...

5.3CVSS6.7AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.5 views

PT-2024-1092 · D Link · D-Link Dcs-8300Lhv2

Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 affected versions not specified Description: The issue is related to a buffer overflow in the RTSP server of D-Link DCS-8300LHV2 IP cameras, allowing remote attackers to execute arbitrary code on affected installations. Th...

8.8CVSS8.1AI score0.01315EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.4 views

Tenda CP3 信任管理问题漏洞

Tenda CP3 is a smart camera from Tenda China. A security vulnerability exists in Tenda CP3 version V11.10.00.2211041355, which stems from the device containing a hardcoded default password for RTSP mentions...

9.8CVSS8.4AI score0.00659EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.4 views

SUSE CVE-2008-0225

Heap-based buffer overflow in the rmffdumpcont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmffdumpheader function and related to disregarding the max field. NOTE...

6.4CVSS8.4AI score0.14969EPSS
Exploits1References4
Rows per page
Query Builder