Video Stream Access without Authentication on Gigaset Smarthome Camera

Report ID



  • Vendor: Gigaset elements GmbH
  • Product: Gigaset Camera
  • Affected Version: Firmware 1.10 (build 20140802)
  • Severity: medium
  • Short summary:
    The smarthome camera “Gigaset Camera” exhibits several weaknesses and vulnerabilities. This advisorie is describing the live video stream access without authentication.


User in the same network as the camera can watch the current live stream without authentication just by calling following URLs:

RTSP H.264 stream: rtsp:///live_h264.sdp
RTSP MPEG4 stream: rtsp:///live_mpeg4.sdp
RTSP MJPEG stream: rtsp:///live_mjpeg.sdp
HTTP APPLE stream: http:///stream.m3u8
HTTP MPEG4 stream: http:///stream.av
HTTP MJPEG stream: http:///stream.jpg
HTTP ASF stream: http:///stream.asf
HTTP snapshot image: http:///snapshot.jpg


Disable camera or restrict access to your network for foreign clients.

Suggested Mitigation

Camera access without any authentication, independent of the network should not be possible.


  • 2016-07-27 Vulnerability Discovered
  • 2016-08-15 Vulnerability Reported
  • 2016-09-14 Vulnerability Fixed