/gist:8f0f24c582f43f51a34b34420a385d75
Created Jul 2, 2017
Serius Security Bug in the Camera IP TP-LINK NC250
| I contacted with a Techical support 2 Montch ago because I detect a serius Segurity Bug in The NC250 . the answer is very very bad. " We will correct the bug in the future" ... Never being clear. | |
| Today I'm going to make the bug public | |
| Descripcion: | |
| This bug allow view the video and audio without Password or user if you has change the password. | |
| [Vulnerability Type] | |
| Incorrect Access Control | |
| [Vendor of Product] | |
| TP-Link | |
| Product Affected: | |
| TP-LINK NC250 V1 and more models its possible | |
| Firmware afected: | |
| 1.2.1 build 170515 or less (all versions is affected) | |
| Exploit the bug: | |
| 1º Conect to Local Network the camera (WIFI or ethernet) | |
| 2º Open VLC software in your computer connected to the Local Network and open network URL: | |
| 3º Write this rtsp://admin@yourip:554/h264_hd.sdp | |
| 4º and play | |
| The system not check the password. Its the same change the password or no. | |
| > [Discoverer] | |
| > Pablo Treviño LLorens | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment