CVE-2018-13115

MEDIUM

KERUI Wifi Endoscope Camera YPC99 - Unauthenticated Camera Stream Manipulation via RTSP Commands

Title source: llm
STIX 2.1

Description

Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0102
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-20
Status published
Products (1)
keruigroup/ypc99_firmware
Published Oct 22, 2018
Tracked Since Feb 18, 2026