CVE-2019-10711

Name of the Vulnerable Software and Affected Versions Hisilicon Hi3510 firmware versions prior to Webware version V1.0.1

Description The issue concerns incorrect access control in the RTSP stream and web portal of IP cameras based on Hisilicon Hi3510 firmware. Attackers can view an RTSP stream by connecting with hidden credentials, such as guest or user, which are not displayed or configurable in the camera's management application. This affects various devices, including those labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, and ESCAM.

Recommendations For Hisilicon Hi3510 firmware versions prior to Webware version V1.0.1, update to Webware version V1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the RTSP stream and web portal until the update is applied.