11
[remote] Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
source link: https://www.exploit-db.com/exploits/51107
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
Exploit:
/
# Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access
# Date: 19th July 2022
# Exploit Author: dsclee1
# Vendor Homepage: tp-link.com
# Software Link: http://download.tplinkcloud.com/firmware/Tapo_C310v1_en_1.3.0_Build_220328_Rel.64283n_u_1649923652150.bin
# Version: 1.3.0
# Tested on: Linux – running on camera
# CVE : CVE-2022-37255
These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately if you don’t set up the user details on versions 1.3.0 and below there are default login details. I sourced these from the “cet” binary on the camera.
You can gain unauthorised access to the RTSP stream using the following user details:
User: ---
Password: TPL075526460603
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK