CVE-2024-42531
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
The Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with specific URLs that can redirect the camera feed. The vendor claims that the sample code can establish RTSP communication but cannot obtain video or audio data, thus no risk.
Risk Assessment
The risk involves potential unauthorized viewing of the camera's live video stream by an attacker without authentication, which could compromise privacy and security of the monitored area.
Recommendation
It is recommended to immediately update the camera firmware to the latest version and configure authentication for RTSP access. If no update is available, restrict network access to the camera to trusted hosts only.
Original NVD description (English source)
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk.

