CVE-2018-13115
MEDIUMKERUI Wifi Endoscope Camera YPC99 - Unauthenticated Camera Stream Manipulation via RTSP Commands
Title source: llmDescription
Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://utkusen.com/blog/multiple-vulnerabilities-on-kerui-endoscope-camera.html
Scores
CVSS v3
6.5
EPSS
0.0102
EPSS Percentile
59.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (1)
keruigroup/ypc99_firmware
Published
Oct 22, 2018
Tracked Since
Feb 18, 2026