11

[remote] Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access

 1 year ago
source link: https://www.exploit-db.com/exploits/51107
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access

EDB-ID:

51107

EDB Verified:

Exploit:

  /  

Platform:

Hardware

Date:

2023-03-28

Vulnerable App:

# Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access
# Date: 19th July 2022
# Exploit Author: dsclee1
# Vendor Homepage: tp-link.com
# Software Link: http://download.tplinkcloud.com/firmware/Tapo_C310v1_en_1.3.0_Build_220328_Rel.64283n_u_1649923652150.bin
# Version: 1.3.0
# Tested on: Linux – running on camera
# CVE : CVE-2022-37255

These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately if you don’t set up the user details on versions 1.3.0 and below there are default login details. I sourced these from the “cet” binary on the camera.

You can gain unauthorised access to the RTSP stream using the following user details:

User: ---

Password: TPL075526460603

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK