N/A

Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware (until Webware version V1.0.1) allows attackers to view an RTSP stream by connecting to the stream with hidden credentials (guest or user) that are neither displayed nor configurable in the camera's CamHi or keye mobile management application. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.

N/A

N/A

Hisilicon Hi3510 权限许可和访问控制问题漏洞

Hisilicon Hi3510是中国海思半导体（Hisilicon）公司的一款IP摄像机使用的固件。 Hisilicon Hi3510固件中存在安全漏洞，该漏洞源于不正确的访问控制。攻击者可借助后门凭证利用该漏洞查看RTSP流。以下厂商受到影响：LOOSAFE；LEVCOECAM；Sywstoda；BESDER；WUSONGLUSAN；GADINAN；Unitoptek；ESCAM等。

N/A

N/A