Tapo C310 RTSP server v1.3.0 – Unauthorised Video Stream Access

• Exploit Database
• 22 阅读

• 作者： dsclee1
  日期： 2023-03-28
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51107/

• # Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access
  # Date: 19th July 2022
  # Exploit Author: dsclee1
  # Vendor Homepage: tp-link.com
  # Software Link: http://download.tplinkcloud.com/firmware/Tapo_C310v1_en_1.3.0_Build_220328_Rel.64283n_u_1649923652150.bin
  # Version: 1.3.0
  # Tested on: Linux – running on camera
  # CVE : CVE-2022-37255
  
  These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately if you don’t set up the user details on versions 1.3.0 and below there are default login details. I sourced these from the “cet” binary on the camera.
  
  You can gain unauthorised access to the RTSP stream using the following user details:
  
  User: ---
  
  Password: TPL075526460603