Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-9983. PoCs published by sohaibeb.
AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2025-9983, an RTSP credential bypass vulnerability in GALAYOU G2 security cameras. The exploit scans for accessible RTSP streams and verifies authentication bypass by testing streams without credentials, capturing video evidence from vulnerable streams.
Description
GALAYOU G2 cameras stream video output via RTSP. By default, these streams are protected by randomly generated credentials. However, these credentials are not required to access the stream, and changing them does not change the camera's behavior. The vendor did not respond in any way. Only version 11.100001.01.28 was tested; other versions might also be vulnerable.
Scores
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X