Unauthenticated RTSP Video Stream Access via ONVIF WebSocket Endpoint
ONVIF RTSP-over-WebSocket endpoint accessible without authentication.
Read the writeup →Embedded / Firmware
5 writeupsSSRF via httptest.cgi IPv6-Mapped Loopback Address Bypass
IPv6-mapped IPv4 (::ffff:127.0.0.1) bypasses the IPv4-only loopback filter on httptest.cgi.
Missing Input Validation in dnsupdate.cgi Delete Path
dnsupdate.cgi delete path skips the input validation applied to add.
Server-Side Request Forgery via pingtest.cgi Missing Address Validation
pingtest.cgi skips the camera's own validateaddr helper.
SNMP Community String Disclosure to Viewer-Privileged Users via DeviceConfig1 API
SNMP community strings returned in the viewer-role config endpoint.
Read the writeup →