Vulnerability in Ezviz Internet PT Camera Allows Unauthorized Video Stream Access
CVE-2024-42531

9.8CRITICAL

Key Information:

Vendor: Ezviz
Status: Ezviz Internet PT Camera
Vendor: CVE Published:; 23 August 2024

What is CVE-2024-42531?

The Ezviz Internet PT Camera CS-CV246 has a vulnerability that enables an unauthenticated host to access its live video stream. By carefully crafting RTSP packets with specific URLs, an attacker can redirect the camera's feed. Although the vendor claims that a sample code can initiate RTSP communication without accessing video or audio, this raises concerns about the effectiveness of authentication mechanisms in place, potentially exposing sensitive surveillance data.

References

http://ezviz.com

https://github.com/Anonymous120386/Anonymous

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Aug 5, 2024

CVE-2024-42531 Data

JSON