Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Serius Security Bug in the Camera IP TP-LINK NC250
I contacted with a Techical support 2 Montch ago because I detect a serius Segurity Bug in The NC250 . the answer is very very bad. " We will correct the bug in the future" ... Never being clear.
Today I'm going to make the bug public
This bug allow view the video and audio without Password or user if you has change the password.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
Product Affected:
TP-LINK NC250 V1 and more models its possible
Firmware afected:
1.2.1 build 170515 or less (all versions is affected)
Exploit the bug:
1º Conect to Local Network the camera (WIFI or ethernet)
2º Open VLC software in your computer connected to the Local Network and open network URL:
3º Write this rtsp://admin@yourip:554/h264_hd.sdp
4º and play
The system not check the password. Its the same change the password or no.
> [Discoverer]
> Pablo Treviño LLorens
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment