Serius Security Bug in the Camera IP TP-LINK NC250
I contacted with a Techical support 2 Montch ago because I detect a serius Segurity Bug in The NC250 . the answer is very very bad. " We will correct the bug in the future" ... Never being clear. | |
Today I'm going to make the bug public | |
Descripcion: | |
This bug allow view the video and audio without Password or user if you has change the password. | |
[Vulnerability Type] | |
Incorrect Access Control | |
[Vendor of Product] | |
TP-Link | |
Product Affected: | |
TP-LINK NC250 V1 and more models its possible | |
Firmware afected: | |
1.2.1 build 170515 or less (all versions is affected) | |
Exploit the bug: | |
1º Conect to Local Network the camera (WIFI or ethernet) | |
2º Open VLC software in your computer connected to the Local Network and open network URL: | |
3º Write this rtsp://admin@yourip:554/h264_hd.sdp | |
4º and play | |
The system not check the password. Its the same change the password or no. | |
> [Discoverer] | |
> Pablo Treviño LLorens | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment