| 标题 | 70mai dashcam M300 Improper Authentication |
|---|
| 描述 | Unauthenticated Live Video Stream
Once connected to the network of 70mai Dashcam M300, an attacker can remotely access the live stream of the dashcam without authentication using the rtsp port:
rtsp://192.168.0.1:554/livestream/12
A remote attacker nearby can connect to the dashcam to view livestream without the dashcam owner's knowledge (no voice guidance or sounds triggered). |
|---|
| 来源 | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-6-unauthenticated-live-video-stream |
|---|
| 用户 | geochen (UID 78995) |
|---|
| 提交 | 2025-06-11 17時21分 (10 月前) |
|---|
| 管理 | 2025-06-23 16時11分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 313645 [70mai M300 直到 20250611 RTSP Live Video Stream Endpoint /livestream/12 弱身份验证] |
|---|
| 积分 | 19 |
|---|