来源

关联漏洞

描述

CVE-2025-9983 POC Exploit

介绍

# CVE-2025-9983 - GALAYOU G2 RTSP EXPLOIT /!\

> **Disclaimer:** This script is provided 'as is' and exclusively for educational purposes. Users are strongly advised to exercise caution and utilize it within the boundaries of legal and ethical considerations.

## Description
Python POC for **CVE-2025-9983**, an RTSP credential bypass vulnerability in **GALAYOU G2 security cameras** which allows an unauthenticated threat actor to access live video feeds without valid credentials.
The tool works by scanning for accessible RTSP streams and verifying that authentication credentials can be completely bypassed.


## Features

- **Stream Discovery**: Automatically discovers common RTSP stream endpoints.
- **Credential Bypass**: Verifies authentication bypass by testing streams without credentials.
- **Proof Capture**: Records video evidence from vulnerable streams.
- **Batch Scanning**: Checks multiple stream paths simultaneously.
- **Error Handling**: Handles connection timeouts and network errors gracefully.
- **Detailed Reporting**: Outputs vulnerable streams with proof of access.

## Requirements
- Python 3.x
- FFmpeg tools (`ffprobe` and `ffmpeg`)

## Usage
```bash
python galayou_exploit.py 10.10.12.11
```

## About
[![made-with-python](https://img.shields.io/badge/Made%20with-Python-blue.svg)](https://www.python.org/) 
[![Python 3.x](https://img.shields.io/badge/Python-3.x-blue.svg)](https://www.python.org/downloads/release/python-360/)
[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
[![email-contact](https://img.shields.io/badge/info@cybersec.sohaib.eu-blue.svg)](mailto:info@cybersec.sohaib.eu)

文件快照

 [4.0K]  /data/pocs/870da13fddbe57bff72cd022e9dd01e1046cf500
├── [2.7K]  CVE-2025-9983_v1.py
├── [ 34K]  LICENSE
└── [1.6K]  README.md

0 directories, 3 files

备注