CVE-2025-9983

HIGH

GALAYOU G2 - Info Disclosure

Title source: llm

Description

GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only version 11.100001.01.28 was tested, other versions might also be vulnerable.

Exploits (1)

github WORKING POC
by sohaibeb · pythonpoc
https://github.com/sohaibeb/CVE-2025-9983

References (2)

Scores

CVSS v4 7.1
EPSS 0.0003
EPSS Percentile 8.5%
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE
CWE-306
Status published
Products (1)
GALAYOU/G2 11.100001.01.28
Published Sep 22, 2025
Tracked Since Feb 18, 2026