A while ago I received an Edimax Webcam, the IC-7000 PTn v3, to test for possible vulnerabilities. So I updated to the latest available firmware version, which is v1.7.

A quick portscan shows the following ports open:

It shows that the Real Time Streaming Protocol (RTSP) port is open to anyone on the network, including its methods: DESCRIBE, SETUP, TEARDOWN and PLAY.

By default RTSP is configured to listen on TCP port 554 with the following settings:

[Screenshot: Edimax default RTSP settings]

Please note the paths for both MPEG4 and H264; these are required to stream the video and will be used to perform the authentication bypass on the Edimax Webcam.

VLC Player is used to bypass the authentication (there’s simply no authentication) to stream the video from the Edimax Webcam:

[Screenshot: VLC Player, Edimax RTSP authentication bypass]

Enter the IP address, the RTSP port and the filename, then click Play. The video stream now plays, unauthenticated, for anyone on the network.

Currently the only way to avoid the authentication bypass is to use long and non-guessable filenames, which in itself is not much of a protection.
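To verify whether a camera you administer actually challenges for credentials on RTSP, the following added example (not part of the original post, and not Edimax code) sends a single DESCRIBE without an Authorization header and classifies the reply. The sample replies are constructed, and the host and path in the commented live check are placeholders to be taken from the camera's own RTSP settings.

```python
import socket

def build_describe(host: str, port: int, path: str, cseq: int = 1) -> bytes:
    """RTSP DESCRIBE for one stream path, deliberately without credentials."""
    url = f"rtsp://{host}:{port}/{path.lstrip('/')}"
    return (f"DESCRIBE {url} RTSP/1.0\r\nCSeq: {cseq}\r\n"
            "Accept: application/sdp\r\n\r\n").encode("ascii")

def classify_response(raw: bytes) -> str:
    """Map the reply to a credential-less DESCRIBE onto an audit verdict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/") or not parts[1].isdigit():
        return "not-rtsp"
    status = int(parts[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:]) if k}
    if status == 200:
        return "open"                      # stream described without any login
    if status == 401:
        # A usable challenge names Basic or Digest in WWW-Authenticate.
        return "auth-required" if "www-authenticate" in headers else "401-no-challenge"
    if status == 404:
        return "path-not-found"            # wrong path: inconclusive, recheck settings
    return f"other-{status}"

def check_camera(host: str, port: int, path: str, timeout: float = 5.0) -> str:
    """Send one DESCRIBE to a camera you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_describe(host, port, path))
        return classify_response(s.recv(4096))

# Constructed sample replies (not captured from a real device).
SAMPLE_OPEN = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
               b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")
SAMPLE_PROTECTED = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n"
                    b'WWW-Authenticate: Digest realm="cam", nonce="constructed"\r\n\r\n')

if __name__ == "__main__":
    for name, raw in (("open", SAMPLE_OPEN), ("protected", SAMPLE_PROTECTED)):
        print(name, "->", classify_response(raw))
    # Live check: host and path are placeholders; use the camera's RTSP settings.
    # print(check_camera("192.0.2.10", 554, "PLACEHOLDER_PATH"))
```

An `open` verdict matches the behaviour described in this post; `auth-required` is what a camera enforcing RTSP authentication should return.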
