CVE-2025-66049
📋 TL;DR
Vivotek IP7137 cameras with firmware version 0200a allow unauthenticated access to live RTSP video feeds on port 8554. This affects all users of these cameras, particularly those with network-accessible devices, as the vendor has declared End-Of-Life and won't release patches.
💻 Affected Systems
- Vivotek IP7137 camera
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete privacy breach with continuous surveillance of private spaces, potential blackmail material collection, and integration into botnets for malicious streaming.
Likely Case
Unauthorized viewing of camera feeds in homes, businesses, or sensitive areas, leading to privacy violations and potential reconnaissance for physical security breaches.
If Mitigated
Limited exposure if cameras are isolated on internal networks with strict firewall rules, though insider threats remain possible.
🎯 Exploit Status
Exploitation requires only network access to port 8554 and knowledge of the RTSP stream URL pattern. No authentication or special tools needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None
Vendor Advisory: None
Restart Required: No
Instructions:
No official patch available due to End-Of-Life status. Replace with supported hardware or implement workarounds.
🔧 Temporary Workarounds
Network Segmentation
Isolate cameras on a separate VLAN with strict firewall rules blocking all external access to port 8554.
Disable RTSP Protocol
Turn off RTSP streaming in the camera settings if it is not required.
Access Control Lists
Implement IP-based restrictions so that only trusted systems can reach port 8554, for example with iptables on a Linux firewall in front of the camera (replace TRUSTED_IP with the address of the authorized viewer; rule order matters, the ACCEPT rule must precede the DROP rule):
iptables -A INPUT -p tcp --dport 8554 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 8554 -j DROP
🧯 If You Can't Patch
- Physically disconnect cameras from networks when not in use or replace with supported models.
- Deploy network monitoring to detect unauthorized access attempts to port 8554.
🔍 How to Verify
Check if Vulnerable:
Attempt to access the RTSP stream without credentials, for example by pointing VLC or ffmpeg at rtsp://CAMERA_IP:8554/live.sdp (replace CAMERA_IP with the camera's address). If the stream plays without a login prompt, the camera is vulnerable.
Check Version:
Check the camera's web interface or use manufacturer-specific CLI commands (varies by model); the affected firmware version is 0200a.
Verify Fix Applied:
After implementing workarounds, verify that unauthenticated RTSP connections fail or are blocked.
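The check described above can be scripted so it can be re-run after each workaround is applied. The following is an added example and not part of the original advisory: it sends a single RTSP DESCRIBE request (the same first step VLC or ffmpeg performs) and reports "blocked" when the TCP connection is refused or times out (ACL or VLAN working), "auth" when the camera now demands credentials, and "open" when an unauthenticated 200 comes back, meaning the exposure is still present. The stream path /live.sdp and port 8554 come from the advisory; the host 192.0.2.10 in the usage section is a documentation address and is an assumption.

```python
import socket

RTSP_PORT = 8554            # port named in the advisory
STREAM_PATH = "/live.sdp"   # stream URL path named in the advisory's check


def build_describe(host: str, port: int = RTSP_PORT, path: str = STREAM_PATH, cseq: int = 1) -> bytes:
    """Build a minimal RTSP/1.0 DESCRIBE request (RFC 2326) with no credentials."""
    url = f"rtsp://{host}:{port}{path}"
    return (
        f"DESCRIBE {url} RTSP/1.0\r\n"
        f"CSeq: {cseq}\r\n"
        "Accept: application/sdp\r\n"
        "\r\n"
    ).encode("ascii")


def classify_rtsp_reply(reply: bytes) -> str:
    """Map the RTSP status line of a reply to a verification verdict.

    'open'  -> 200 without credentials: the camera still serves the stream
    'auth'  -> 401/403: the camera now requires authentication
    'other' -> any other status, or not an RTSP reply at all
    """
    status_line = reply.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("RTSP/"):
        return "other"
    code = parts[1]
    if code == "200":
        return "open"
    if code in ("401", "403"):
        return "auth"
    return "other"


def check_camera(host: str, port: int = RTSP_PORT, path: str = STREAM_PATH, timeout: float = 5.0) -> str:
    """Return 'blocked' when the port cannot be reached, else the verdict for the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_describe(host, port, path))
            reply = sock.recv(4096)
    except (OSError, socket.timeout):
        # Connection refused, unreachable or silently dropped: the ACL/VLAN is doing its job.
        return "blocked"
    if not reply:
        return "blocked"
    return classify_rtsp_reply(reply)


if __name__ == "__main__":
    # Assumed camera address for illustration; run from a host that is NOT on the trusted list,
    # since the goal is to confirm that untrusted hosts can no longer reach the stream.
    print(check_camera("192.0.2.10"))
```

Run the script from an untrusted network position after applying the VLAN or iptables workaround; the expected verdict is "blocked". A verdict of "open" means the stream is still reachable without credentials and the workaround is not effective from that position.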
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts on RTSP port
- Unexpected connections to port 8554 from unauthorized IPs
Network Indicators:
- Unencrypted RTSP traffic to port 8554 from unexpected sources
- High volume of connections to camera RTSP port
SIEM Query:
dest_port=8554 AND NOT (src_ip IN [trusted_ips])
(The camera is the destination of these connections, so the filter belongs on the destination port; substitute your SIEM's field names and the allow-list of trusted viewer addresses.)
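The two network indicators above (connections to port 8554 from untrusted sources, and a high connection volume to the camera's RTSP port) can be checked directly against firewall logs. The following is an added example and not part of the original advisory: it parses netfilter LOG lines of the kind an iptables LOG rule writes to syslog, counts new TCP connections (SYN) per source toward port 8554, and raises an alert for any untrusted source and for any source exceeding a volume threshold. The trusted ranges, the threshold, the log prefix CAM-RTSP and the sample log lines are constructed for the example and are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

CAMERA_RTSP_PORT = 8554  # port named in the advisory

# Assumed allow-list: the NVR and viewing stations permitted to reach the cameras.
TRUSTED = [ip_network("10.10.20.0/24"), ip_network("10.10.30.5/32")]

# Assumed threshold: more new connections than this from one source in the sampled window is suspicious.
VOLUME_THRESHOLD = 20

# Fields of a netfilter LOG line (iptables -j LOG); unrelated fields are skipped.
LOG_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)")
SYN_RE = re.compile(r"\bSYN\b")


def parse_line(line: str):
    """Return the fields we need from a netfilter TCP log line, or None for other lines."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return {
        "src": m["src"],
        "dst": m["dst"],
        "dpt": int(m["dpt"]),
        "syn": SYN_RE.search(line) is not None,  # SYN flag marks a new connection attempt
    }


def is_trusted(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED)


def analyse(lines):
    """Return (alerts, counts).

    counts: new connections to the camera RTSP port per source address.
    alerts: one entry per untrusted connection attempt, plus one per high-volume source.
    """
    alerts = []
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dpt"] != CAMERA_RTSP_PORT or not rec["syn"]:
            continue
        counts[rec["src"]] += 1
        if not is_trusted(rec["src"]):
            alerts.append({"src": rec["src"], "dst": rec["dst"],
                           "reason": "untrusted source connecting to camera RTSP port"})
    for src, n in counts.items():
        if n >= VOLUME_THRESHOLD:
            alerts.append({"src": src, "dst": None,
                           "reason": f"high volume: {n} connections to camera RTSP port"})
    return alerts, counts


def make_line(src: str, dst: str, dpt: int, flags: str) -> str:
    """Constructed netfilter LOG line in the syslog format written by iptables -j LOG."""
    return (f"Mar  3 10:00:01 fw kernel: CAM-RTSP IN=eth1 OUT=eth2 SRC={src} DST={dst} "
            f"LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5 DF PROTO=TCP SPT=51000 DPT={dpt} "
            f"WINDOW=64240 RES=0x00 {flags} URGP=0")


# Constructed sample: one trusted viewer, one untrusted source, an unrelated HTTP hit,
# a non-SYN packet, and a trusted NVR reconnecting often enough to trip the volume check.
SAMPLE_LOG = [
    make_line("10.10.20.15", "10.10.40.7", 8554, "SYN"),
    make_line("203.0.113.9", "10.10.40.7", 8554, "SYN"),
    make_line("10.10.20.15", "10.10.40.7", 80, "SYN"),
    make_line("203.0.113.9", "10.10.40.7", 8554, "ACK PSH"),
] + [make_line("10.10.30.5", "10.10.40.7", 8554, "SYN") for _ in range(20)]


if __name__ == "__main__":
    found, per_source = analyse(SAMPLE_LOG)
    for a in found:
        print(a)
    print(dict(per_source))
```

Feed it `journalctl -k` or /var/log/kern.log output from the firewall that fronts the camera VLAN; a LOG rule placed before the DROP rule in the workaround above produces exactly these lines. Only SYN packets are counted so that a single long-lived viewing session is not mistaken for a connection flood.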