Unauthenticated Access and Control of KERUI Wifi Endoscope Camera (YPC99)

Unauthenticated Access and Control of KERUI Wifi Endoscope Camera (YPC99)

CVE-2018-13115 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.

Learn more about our Cis Benchmark Audit For Server Software.