Streaming Vulnerability in GALAYOU G2 Cameras Exposes Video Outputs
CVE-2025-9983

7.1HIGH

Key Information:

Vendor: Galayou
Status: G2
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-9983?

GALAYOU G2 cameras facilitate video streaming through RTSP, but the streams are inadequately secured with randomly generated credentials that can be bypassed without authentication. This flaw allows unauthorized access to the video output, posing a significant risk to user privacy and security. Despite testing only one version, it's possible that other versions may also be affected, as the vendor has not issued a response to address this issue.

Affected Version(s)

G2 11.100001.01.28

References

https://cert.pl/en/posts/2025/09/CVE-2025-9983

third-party-advisory

https://www.galayou-store.com/g2

product

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Sep 4, 2025

Credit

Szymon Paszun

Galayou

What is CVE-2025-9983?

Affected Version(s)

References

CVSS V4

Timeline

Credit