CVE-2024-42531
CRITICALEzviz Internet PT Camera CS-CV246 D15655150 - SSRF
Title source: llmDescription
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk.
References (2)
Core 2
Core References
Various Sources
https://github.com/Anonymous120386/Anonymous
Various Sources
http://ezviz.com
Scores
CVSS v3
9.8
EPSS
0.0058
EPSS Percentile
43.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-20
Status
published
Published
Aug 23, 2024
Tracked Since
Feb 18, 2026