CVE-2018-13115

Name of the Vulnerable Software and Affected Versions KERUI Wifi Endoscope Camera (YPC99) (affected versions not specified)

Description The issue concerns a lack of authentication in the KERUI Wifi Endoscope Camera, allowing unauthorized access to watch or block the camera stream. Specifically, the RTSP server on port 7070 is vulnerable, as it accepts commands without proper authentication. An attacker can use the STOP command to stop streaming and the SETSSID command to disconnect a user.

Recommendations For KERUI Wifi Endoscope Camera (YPC99), consider disabling the RTSP server on port 7070 until a proper authentication mechanism is implemented to prevent unauthorized access to the camera stream. Restrict access to the STOP and SETSSID commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.