CVE-2024-42531

Name of the Vulnerable Software and Affected Versions Ezviz Internet PT Camera versions V5.3 (build 191225) through V9.1.17.1.4-20180428 Ezviz Internet PT Camera CS-CV246 D15655150

Description The issue allows an unauthenticated host to access the live video stream of the Ezviz Internet PT Camera by crafting a set of RTSP packets with a specific set of URLs. This can redirect the camera feed, potentially allowing unauthorized access to the video stream.

Recommendations For Ezviz Internet PT Camera versions V5.3 (build 191225) through V9.1.17.1.4-20180428, consider restricting access to the RTSP protocol until a patch is available. For Ezviz Internet PT Camera CS-CV246 D15655150, as a temporary workaround, consider disabling the RTSP protocol communication until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.