CVE Catalog

CVE-2024-42531

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.58%

44th percentile - higher than 44% of all known CVEs

Summary

The Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with specific URLs that can redirect the camera feed. The vendor claims that the sample code can establish RTSP communication but cannot obtain video or audio data, thus no risk.

Risk Assessment

The risk involves potential unauthorized viewing of the camera's live video stream by an attacker without authentication, which could compromise privacy and security of the monitored area.

Recommendation

It is recommended to immediately update the camera firmware to the latest version and configure authentication for RTSP access. If no update is available, restrict network access to the camera to trusted hosts only.

Original NVD description (English source)

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS