CVE-2024-51362

Missing Authentication for Critical Function (CWE-306)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS 6.5 / EPSS 0.04% / Medium

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-51362

Nov 5, 2024 at 5:15 PM

First Article

Feedly found the first article mentioning CVE-2024-51362.

Nov 5, 2024 at 5:25 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 5, 2024 at 5:25 PM

Threat Intelligence Report

CVE-2024-51362 is a critical vulnerability in the LSC Smart Connect Indoor IP Camera, stemming from an exposed RTSP port (8554) that lacks authentication, allowing unauthorized access to live video feeds. This vulnerability poses significant privacy and security risks, as it can be exploited for malicious surveillance purposes. The article does not provide information on CVSS scores, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors.

Nov 5, 2024 at 5:36 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 6, 2024 at 10:26 AM

CVSS

A CVSS base score of 6.5 has been assigned.

Nov 6, 2024 at 8:40 PM / nvd

Attack Patterns

CAPEC-12: Choosing Message Identifier

References

CVE-2024-51362
Typically, users would only access the camera through the LSC Smart Home app, and nowhere in the product’s documentation does it mention the availability of the RTSP feed on this port. The potential impact of this vulnerability is significant, as it compromises the privacy and security of users who rely on these cameras for monitoring and surveillance purposes.

News

CVE-2024-51362
No credentials or special permissions are required, and access can be gained remotely over the network.
CVE-2024-51362 | LSC Smart Connect Indoor IP Camera up to 7.6.32 RTSP Protocol information disclosure
A vulnerability classified as problematic has been found in LSC Smart Connect Indoor IP Camera up to 7.6.32. This affects an unknown part of the component RTSP Protocol Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-51362. It is possible to initiate the attack remotely. There is no exploit available.
CVE-2024-51362 The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network. https://www.cve.org/CVERecord?id=CVE-2024-51362 https://shinxyy.github.io/blogs/CVE_2024_51362.html #CVE_2024_51362 #bot
CVE-2024-51362
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network.

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
