| Title | BD dashcam BD S1 Improper Access Controls |
|---|
| Description | Unauthenticated Access of Livestream and Download of Video Recordings
Once connected to the dashcam, an attacker can dump all video recordings via rtsp://$DASHCAM_IP:554/$filename without any further authentication. To obtain a list of video recording file names, the following steps need to be performed via API calls on port 80:
- register the client
- start live
- set work mode
- fetch file list

An attacker connected to the dashcam's network can access the live feed and dump all sensitive video recordings. |
|---|
| Source | ⚠️ https://github.com/geo-chen/BD |
|---|
| User | geochen (UID 78995) |
|---|
| Submission | 11.06.2025 17:26 (10 months ago) |
|---|
| Moderation | 23.06.2025 16:16 (12 days later) |
|---|
| Status | accepted |
|---|
| VulDB entry | 313648 [SIFUSM/MZZYG BD S1 up to 20250611 RTSP Live Video Stream Endpoint privilege escalation] |
|---|
| Points | 20 |
|---|