关于漏洞的关键信息 漏洞标题: BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure Advisory ID: ZSL-2019-5509 类型: Remote/Local 影响: Exposure of System Information, Exposure of Sensitive Information 风险: (3/5) 发布日期: 04.02.2019 概述 The N100 compact color IP camera avec support for a more efficient compression formaat is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a break in communication with the remote file storage, it can continue recording to the microSDHC memory card. N100 is easy to install and configure, has all the necessary arsenal for the organization of low-cost professional video surveillance systems. 描述 BEWARD N100 camera suffers from an unauthenticated and unauthorized live RTSP video stream access. 生产商 Beward R&D Co., Ltd - https://www.beward.net 影响的版本 M2.1.6.04C014 测试平台 Boa/0.94.14rc21 Farady ARM Linux 2.6 生产商状态 [26.01.2019] Vulnerability discovered. [28.11.2018] Vendor contacted. [03.02.2019] No response from the vendor. [04.02.2019] Public security advisory released. PoC beward_rtsp.txt 致谢 Vulnerabiblity discovered by Gjoko Krstic - 参考链接 [1] https://www.exploit-db.com/exploits/46317 [2] https://packetstormsecurity.com/files/151528 [3] https://exchange.xforce.ibmcloud.com/vulnerabilities/156597 更新日志 [04.02.2019] - Initial release [10.02.2019] - Added reference [1], [2] and [3]