Priyanka R. Chaudhary

**Name of the Vulnerable Software and Affected Versions** D3D Security IP Camera (affected versions not specified) **Description** The issue is related to the transmission of critical information in plain text, allowing a remote attacker to obtain user credentials by crafting a special HTTP packet. This is due to a weak authentication scheme in the HTTP header protocol, where the authorization tag contains a Base-64 encoded username and password. The vulnerability can be exploited by a remote attacker, leading to the exposure of user credentials of the targeted device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D3D Security IP Camera D8801 (affected versions not specified) **Description** The issue is related to the implementation of the Real-Time Streaming Protocol (RTSP) in the D3D Security IP Camera, which has weaknesses in its authorization procedure. This can be exploited by a remote attacker using a specially crafted RTSP packet to gain unauthorized access to the live video feed. The vulnerability affects products that are no longer supported by the manufacturer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.