Last active
August 26, 2019 15:24
-
-
Save elbauldelgeek/8f0f24c582f43f51a34b34420a385d75 to your computer and use it in GitHub Desktop.
Serius Security Bug in the Camera IP TP-LINK NC250
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I contacted with a Techical support 2 Montch ago because I detect a serius Segurity Bug in The NC250 . the answer is very very bad. " We will correct the bug in the future" ... Never being clear. | |
Today I'm going to make the bug public | |
Descripcion: | |
This bug allow view the video and audio without Password or user if you has change the password. | |
[Vulnerability Type] | |
Incorrect Access Control | |
[Vendor of Product] | |
TP-Link | |
Product Affected: | |
TP-LINK NC250 V1 and more models its possible | |
Firmware afected: | |
1.2.1 build 170515 or less (all versions is affected) | |
Exploit the bug: | |
1º Conect to Local Network the camera (WIFI or ethernet) | |
2º Open VLC software in your computer connected to the Local Network and open network URL: | |
3º Write this rtsp://admin@yourip:554/h264_hd.sdp | |
4º and play | |
The system not check the password. Its the same change the password or no. | |
> [Discoverer] | |
> Pablo Treviño LLorens | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment