CVE-2025-9983 PoC — GALAYOU G2 访问控制错误漏洞

Source

Associated Vulnerability

Description

CVE-2025-9983 POC Exploit

Readme

# CVE-2025-9983 - GALAYOU G2 RTSP EXPLOIT /!\

> **Disclaimer:** This script is provided 'as is' and exclusively for educational purposes. Users are strongly advised to exercise caution and utilize it within the boundaries of legal and ethical considerations.

## Description
Python POC for **CVE-2025-9983**, an RTSP credential bypass vulnerability in **GALAYOU G2 security cameras** which allows an unauthenticated threat actor to access live video feeds without valid credentials.
The tool works by scanning for accessible RTSP streams and verifying that authentication credentials can be completely bypassed.


## Features

- **Stream Discovery**: Automatically discovers common RTSP stream endpoints.
- **Credential Bypass**: Verifies authentication bypass by testing streams without credentials.
- **Proof Capture**: Records video evidence from vulnerable streams.
- **Batch Scanning**: Checks multiple stream paths simultaneously.
- **Error Handling**: Handles connection timeouts and network errors gracefully.
- **Detailed Reporting**: Outputs vulnerable streams with proof of access.

## Requirements
- Python 3.x
- FFmpeg tools (`ffprobe` and `ffmpeg`)

## Usage
```bash
python galayou_exploit.py 10.10.12.11
```

## About
[![made-with-python](https://img.shields.io/badge/Made%20with-Python-blue.svg)](https://www.python.org/) 
[![Python 3.x](https://img.shields.io/badge/Python-3.x-blue.svg)](https://www.python.org/downloads/release/python-360/)
[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
[![email-contact](https://img.shields.io/badge/info@cybersec.sohaib.eu-blue.svg)](mailto:info@cybersec.sohaib.eu)

File Snapshot

 [4.0K]  /data/pocs/870da13fddbe57bff72cd022e9dd01e1046cf500
├── [2.7K]  CVE-2025-9983_v1.py
├── [ 34K]  LICENSE
└── [1.6K]  README.md

1 directory, 3 files

Remarks