CVE-2024-42531

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to potentially access live video streams from Ezviz Internet PT Camera CS-CV246 D15655150 by crafting specific RTSP packets. The vendor disputes the severity, claiming the exploit cannot actually obtain video/audio data. Anyone using the affected camera model is potentially impacted.

💻 Affected Systems

Products:
  • Ezviz Internet PT Camera CS-CV246 D15655150
Versions: Unknown specific versions, likely multiple firmware versions
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor disputes the vulnerability severity, claiming the exploit cannot actually obtain video/audio data despite establishing RTSP communication.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unauthorized access to live camera feeds, enabling surveillance of private spaces without detection.

🟠 Likely Case

Partial or intermittent access to video streams, potentially exposing sensitive visual information.

🟢 If Mitigated

No access to actual video/audio data if vendor's assessment is correct, though RTSP communication may still be established.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Sample code available on GitHub demonstrates RTSP packet crafting. CVSS 9.8 suggests critical severity despite vendor dispute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://ezviz.com

Restart Required: No

Instructions:

Check vendor website for firmware updates. No specific patch information available at this time.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate the camera network from the internet and from sensitive internal networks.

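RTSP Port Blocking (Linux)

Block RTSP ports (typically 554, 8554) at the network perimeter.

# INPUT filters traffic addressed to this host; on a gateway that forwards
# traffic to the camera, add the same rules to the FORWARD chain instead.
iptables -A INPUT -p tcp -m multiport --dports 554,8554 -j DROP
iptables -A INPUT -p udp -m multiport --dports 554,8554 -j DROP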

🧯 If You Can't Patch

  • Disable RTSP streaming entirely if not required for functionality
  • Implement strict network access controls allowing only trusted IPs to communicate with the camera

🔍 How to Verify

Check if Vulnerable:

Test with an RTSP client, attempting to access the stream using the crafted URLs from the GitHub sample code.

Check Version:

Check camera firmware version via web interface or mobile app

Verify Fix Applied:

Verify RTSP streams cannot be accessed without authentication after applying vendor updates

📡 Detection & Monitoring

Log Indicators:

  • Unusual RTSP connection attempts from unknown IPs
  • Multiple failed authentication attempts on RTSP service

Network Indicators:

  • RTSP traffic to camera from unexpected sources
  • Unusual RTSP URL patterns matching exploit samples

SIEM Query:

source_ip=* AND dest_port=554 AND protocol=RTSP AND (url_contains="redirect" OR url_pattern="*specific_exploit_pattern*")
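
The log and network indicators listed above, applied to RTSP request records as an added detection sketch (not part of the original page and not vendor tooling). The record layout, camera address, trusted viewer network and failure threshold are assumptions and the sample lines are constructed; the "redirect" keyword comes from the SIEM query above.

```python
import ipaddress
from collections import Counter

# Assumptions for this sketch: viewer allowlist, RTSP ports, alert threshold.
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]
RTSP_PORTS = {554, 8554}
FAILED_AUTH_THRESHOLD = 3

# Constructed records, one per line: time src dst dport method url status
SAMPLE_LOG = """\
2024-09-01T10:00:01Z 192.168.10.20 192.168.50.5 554 DESCRIBE rtsp://192.168.50.5/live 200
2024-09-01T10:02:11Z 203.0.113.7 192.168.50.5 554 DESCRIBE rtsp://192.168.50.5/live 401
2024-09-01T10:02:12Z 203.0.113.7 192.168.50.5 554 DESCRIBE rtsp://192.168.50.5/live 401
2024-09-01T10:02:13Z 203.0.113.7 192.168.50.5 554 DESCRIBE rtsp://192.168.50.5/live 401
2024-09-01T10:05:40Z 198.51.100.9 192.168.50.5 8554 DESCRIBE rtsp://192.168.50.5/redirect 200
2024-09-01T10:06:00Z 192.168.10.20 192.168.50.5 80 GET http://192.168.50.5/ 200
truncated-record
"""

def parse(line):
    """Split one record into typed fields; raises ValueError if malformed."""
    ts, src, dst, dport, method, url, status = line.split()
    return ts, ipaddress.ip_address(src), int(dport), url, int(status)

def detect(log_text):
    """Return (rule, source_ip, timestamp) alerts for the page's indicators."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        try:
            ts, src, dport, url, status = parse(line)
        except ValueError:
            continue  # skip blank or malformed records
        if dport not in RTSP_PORTS:
            continue
        if not any(src in net for net in TRUSTED_NETS):
            alerts.append(("untrusted_source", str(src), ts))
        if "redirect" in url.lower():  # keyword taken from the page's SIEM query
            alerts.append(("suspicious_url", str(src), ts))
        if status == 401:
            failures[src] += 1
            if failures[src] == FAILED_AUTH_THRESHOLD:  # alert once per source
                alerts.append(("repeated_auth_failure", str(src), ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Replace `parse` with a parser for whatever your RTSP proxy, IDS or flow logs actually emit; the three rules stay the same.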
