Platform
other
Component
vivotek-ip7137-camera
CVE-2025-66049 describes an information disclosure vulnerability affecting the Vivotek IP7137 camera running firmware version 0200a. The camera serves its live feed over RTSP on TCP port 8554 without requiring authentication, so any client that can reach that port on the network can view the video, potentially exposing sensitive areas and compromising the privacy of people in view. Because the product has reached End-of-Life, no security patch is anticipated.
The primary impact is unauthorized viewing of live camera footage. An attacker with network reach to port 8554 gains visual surveillance of everything in the camera's field of view, which can reveal sensitive information or activities and can support theft, vandalism, or stalking. The blast radius is every area the camera covers, exposed to every host that can connect to the camera's network. The flaw does not by itself expose stored data, credentials, or the device's configuration, but the footage is sensitive in its own right and can feed reconnaissance for further attacks. The absence of any authentication check is what makes this particularly concerning: exploitation takes nothing more than an RTSP client.
This vulnerability is not currently listed in the CISA KEV catalog. Its EPSS score is low (0.07%, 22nd percentile); exploitation requires network reach to the camera, but the impact of unauthorized surveillance is significant. No public proof-of-concept exploit is currently known, though the simplicity of the issue (an ordinary RTSP client is enough) means one may emerge at any time. The vulnerability was publicly disclosed on 2026-01-09.
Organizations that rely on Vivotek IP7137 cameras where visual surveillance is critical, such as retail stores, schools, or office buildings, are at significant risk. Deployments in which the camera is reachable from untrusted, guest, or shared networks, or directly from the internet, are particularly exposed. Legacy installations that have not been regularly reviewed or segmented are also at increased risk.
• windows / network: Monitor network traffic for TCP connections to the IP7137 camera on port 8554, especially from hosts that have no business reaching it.
• linux / server: Note that ss -tulnp | grep 8554 only lists sockets on the host where it runs; it says nothing about the camera. To confirm the camera's RTSP port is reachable from a Linux host, probe it, for example nc -zv <camera_ip> 8554 or nmap -p 8554 <camera_ip>.
• generic web: A plain curl -v <camera_ip>:8554 sends an HTTP request to an RTSP port and proves little. curl does speak RTSP, so use curl -v -X DESCRIBE rtsp://<camera_ip>:8554/<stream_path>: a 200 OK with an application/sdp body means the stream description is served without credentials, while a 401 with a WWW-Authenticate challenge means authentication is enforced. The stream path is device-specific and not given here; take it from the camera's configuration.
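The same check as a small script, added here as an illustration rather than code from Vivotek or from this advisory. It performs the unauthenticated RTSP OPTIONS/DESCRIBE exchange against a camera and classifies the reply; the host, the port 8554, and the stream path are assumptions, and the sample responses at the bottom are constructed for offline testing, not captured from a real IP7137.

```python
"""Check whether an RTSP endpoint serves its stream description without credentials.

Added example, not Vivotek's code or this advisory's own tooling. Host, port
and stream path are assumptions; the IP7137's real stream path is not given on
this page, so pass the one from the camera's configuration.
"""
import socket
import sys

# Verdicts returned by classify_rtsp_response()
EXPOSED = "exposed"              # DESCRIBE answered 200 with an SDP body: readable without credentials
AUTH_REQUIRED = "auth-required"  # 401 with a WWW-Authenticate challenge
NOT_FOUND = "not-found"          # 404: wrong stream path, try the one from the camera's config
UNEXPECTED = "unexpected"


def build_rtsp_request(method: str, url: str, cseq: int) -> bytes:
    """Minimal RTSP/1.0 request; CSeq is mandatory on every RTSP request."""
    return (
        f"{method} {url} RTSP/1.0\r\n"
        f"CSeq: {cseq}\r\n"
        "User-Agent: rtsp-exposure-check\r\n"
        "Accept: application/sdp\r\n\r\n"
    ).encode()


def parse_rtsp_response(raw: bytes) -> dict:
    """Split an RTSP response into status code, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("utf-8", errors="replace").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/"):
        raise ValueError(f"not an RTSP response: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": int(parts[1]), "headers": headers, "body": body}


def classify_rtsp_response(resp: dict) -> str:
    """Decide whether the DESCRIBE answer indicates unauthenticated stream access."""
    status, headers, body = resp["status"], resp["headers"], resp["body"]
    sdp = headers.get("content-type", "").startswith("application/sdp") or b"m=video" in body
    if status == 200 and sdp:
        return EXPOSED
    if status == 401 and "www-authenticate" in headers:
        return AUTH_REQUIRED
    if status == 404:
        return NOT_FOUND
    return UNEXPECTED


def recv_rtsp_response(sock: socket.socket) -> bytes:
    """Read the header block, then exactly Content-Length bytes of body (if any)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            return buf
        buf += chunk
    head, _, body = buf.partition(b"\r\n\r\n")
    length = int(parse_rtsp_response(head + b"\r\n\r\n")["headers"].get("content-length", 0))
    while len(body) < length:
        chunk = sock.recv(4096)
        if not chunk:
            break
        body += chunk
    return head + b"\r\n\r\n" + body


def probe(host: str, port: int = 8554, path: str = "/", timeout: float = 5.0) -> str:
    """Send OPTIONS then DESCRIBE with no credentials and classify the DESCRIBE reply."""
    url = f"rtsp://{host}:{port}{path}"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_rtsp_request("OPTIONS", url, 1))
        recv_rtsp_response(sock)  # reply content not needed; confirms an RTSP server answers
        sock.sendall(build_rtsp_request("DESCRIBE", url, 2))
        return classify_rtsp_response(parse_rtsp_response(recv_rtsp_response(sock)))


# Constructed sample replies (not captured from a real IP7137) for offline checks.
SAMPLE_EXPOSED = (
    b"RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: application/sdp\r\n"
    b"Content-Length: 54\r\n\r\n"
    b"v=0\r\no=- 0 0 IN IP4 192.0.2.10\r\nm=video 0 RTP/AVP 96\r\n"
)
SAMPLE_AUTH = (
    b"RTSP/1.0 401 Unauthorized\r\nCSeq: 2\r\n"
    b'WWW-Authenticate: Digest realm="camera", nonce="0123abcd"\r\n\r\n'
)

if __name__ == "__main__":
    # Usage: python rtsp_check.py <camera_ip> [port] [path]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8554
    path = sys.argv[3] if len(sys.argv) > 3 else "/"
    print(probe(host, port, path))
```

A verdict of `exposed` against a camera on your network is the condition this CVE describes; `auth-required` means the device is challenging for credentials, and `not-found` usually means the stream path is wrong rather than that the camera is safe.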
Exploit Status
disclosure
EPSS
0.07% (22nd percentile)
CISA SSVC
Since no security patch is expected from the vendor because of the product's End-of-Life status, mitigation has to rely on network segmentation and access control. Isolate the IP7137 camera on a dedicated VLAN with restricted access. Apply firewall rules that block external access to port 8554 and allow connections only from the trusted internal addresses that actually need the stream (for example the video recorder). Disable the RTSP service entirely if it is not essential. Monitor network traffic to the camera for connections from unexpected sources. Changing firmware is not a mitigation: no fixed version exists to move forward or back to. Carefully weigh the risk of keeping this device in service and plan to replace it with a supported model.
Because the product has reached End-of-Life and no update is expected, the only real remedies are to retire the camera or to isolate it on a segmented network with no internet access, which limits who can reach the unauthenticated video stream. Consider replacing the camera with a newer model that still receives security support.
CVE-2025-66049 is a vulnerability in the Vivotek IP7137 camera (firmware 0200a) allowing unauthorized viewing of live camera footage via RTSP without authentication.
You are affected if you run a Vivotek IP7137 camera on firmware version 0200a and its port 8554 is reachable from a network where untrusted users may be present.
A security patch is not expected due to the product's End-of-Life status. Mitigate by isolating the camera on a separate VLAN, restricting access to port 8554, and considering disabling the RTSP service.
There are currently no reports of active exploitation, but the simplicity of the vulnerability suggests it may be targeted in the future.
The vendor has not released an advisory. Monitor security news sources for updates.