Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Serius Security Bug in the Camera IP TP-LINK NC250
I contacted with a Techical support 2 Montch ago because I detect a serius Segurity Bug in The NC250 . the answer is very very bad. " We will correct the bug in the future" ... Never being clear.
Today I'm going to make the bug public
Descripcion:
This bug allow view the video and audio without Password or user if you has change the password.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
TP-Link
Product Affected:
TP-LINK NC250 V1 and more models its possible
Firmware afected:
1.2.1 build 170515 or less (all versions is affected)
Exploit the bug:
1º Conect to Local Network the camera (WIFI or ethernet)
2º Open VLC software in your computer connected to the Local Network and open network URL:
3º Write this rtsp://admin@yourip:554/h264_hd.sdp
4º and play
The system not check the password. Its the same change the password or no.
> [Discoverer]
> Pablo Treviño LLorens
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.