Video Stream Access without Authentication on Gigaset Smarthome Camera
- Vendor: Gigaset elements GmbH
- Product: Gigaset Camera
- Affected Version: Firmware 1.10 (build 20140802)
- Severity: medium
- Short summary:
The smarthome camera “Gigaset Camera” exhibits several weaknesses and vulnerabilities. This advisory describes access to the live video stream without authentication.
A user on the same network as the camera can watch the current live stream without authentication just by calling the following URLs:
- RTSP H.264 stream: rtsp:///live_h264.sdp
- RTSP MPEG4 stream: rtsp:///live_mpeg4.sdp
- RTSP MJPEG stream: rtsp:///live_mjpeg.sdp
- HTTP APPLE stream: http:///stream.m3u8
- HTTP MPEG4 stream: http:///stream.av
- HTTP MJPEG stream: http:///stream.jpg
- HTTP ASF stream: http:///stream.asf
- HTTP snapshot image: http:///snapshot.jpg
Disable the camera or restrict access to your network for foreign clients.
Camera access without any authentication, independent of the network, should not be possible.
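A detection example for the workaround above, added here and not part of the original advisory: it flags successfully served requests for the listed stream and snapshot paths that come from clients outside an allowlist. The five-field log layout, the host `camera.example`, the client addresses and the allowlist are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Stream and snapshot paths listed in the advisory.
STREAM_PATHS = {
    "/live_h264.sdp", "/live_mpeg4.sdp", "/live_mjpeg.sdp",
    "/stream.m3u8", "/stream.av", "/stream.jpg", "/stream.asf",
    "/snapshot.jpg",
}

# Assumption: the only client expected to view the camera.
ALLOWED_CLIENTS = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample records: "timestamp client_ip method url status".
SAMPLE_LOG = """\
2016-08-01T10:00:01Z 192.0.2.10 GET http://camera.example/stream.jpg 200
2016-08-01T10:02:17Z 192.0.2.77 DESCRIBE rtsp://camera.example/live_h264.sdp 200
2016-08-01T10:02:40Z 192.0.2.77 GET http://camera.example/snapshot.jpg?t=1 200
2016-08-01T10:03:05Z 192.0.2.78 GET http://camera.example/stream.m3u8 401
2016-08-01T10:04:00Z 192.0.2.77 GET http://camera.example/index.html 200
malformed line
"""

def is_allowed(client, networks=ALLOWED_CLIENTS):
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in networks)

def find_unexpected_viewers(log_text, networks=ALLOWED_CLIENTS):
    """Return (timestamp, client, path) for served stream requests from unlisted clients."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the assumed layout
        ts, client, _method, url, status = fields
        path = urlsplit(url).path.lower()  # drops the query string, if any
        if path not in STREAM_PATHS or not status.startswith("2"):
            continue  # not a camera stream, or the request was refused
        try:
            if is_allowed(client, networks):
                continue
        except ValueError:
            pass  # unparsable client address: report it rather than drop it
        hits.append((ts, client, path))
    return hits

if __name__ == "__main__":
    for hit in find_unexpected_viewers(SAMPLE_LOG):
        print("unexpected camera access:", *hit)
```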
- 2016-07-27 Vulnerability Discovered
- 2016-08-15 Vulnerability Reported
- 2016-09-14 Vulnerability Fixed