Platform
other
Component
vivotek-ip7137-camera
CVE-2025-66049 describes an information disclosure vulnerability affecting the Vivotek IP7137 camera running firmware version 0200a. This flaw allows unauthorized users with network access to view the camera's live feed without authentication via the RTSP protocol on port 8554, potentially exposing sensitive areas and compromising user privacy. Due to the product reaching its End-of-Life phase, a security patch is not anticipated.
The primary impact of this vulnerability is the unauthorized viewing of live camera footage. An attacker with network access can exploit this flaw to gain visual surveillance of areas covered by the camera, potentially revealing sensitive information or activities. This could be used for malicious purposes such as theft, vandalism, or stalking. The blast radius extends to anyone who could access the network where the camera is deployed. While no direct data exfiltration is possible through this vulnerability, the visual information obtained could be used in conjunction with other attacks or for reconnaissance purposes. The lack of authentication makes this vulnerability particularly concerning, as it requires minimal effort to exploit.
This vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is likely to be low to medium, reflecting the need for network access to exploit the vulnerability, but the potential impact of unauthorized surveillance is significant. Public proof-of-concept exploits are not currently known, but the simplicity of the vulnerability suggests that they may emerge. The vulnerability was publicly disclosed on 2026-01-09.
Organizations utilizing Vivotek IP7137 cameras in environments where visual surveillance is critical, such as retail stores, schools, or office buildings, are at significant risk. Specifically, deployments where the camera is accessible from untrusted networks or shared hosting environments are particularly vulnerable. Legacy installations that have not been regularly updated or secured are also at increased risk.
• windows / supply-chain: Monitor network traffic for connections to the IP7137 camera on port 8554.
• linux / server: Use ss -tulnp | grep 8554 to identify processes listening on port 8554.
• generic web: Use curl -v rtsp://<camera_ip>:8554/ (curl speaks RTSP when given the rtsp:// scheme) to check whether the RTSP stream is served without authentication.
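As an added audit helper (not code from the advisory or the vendor), the following Python script performs the same check as the curl line above: it sends an RTSP DESCRIBE with no credentials to port 8554 and reports whether the device answered with a stream description (exposed) or an authentication challenge. The host, port and the two sample replies are constructed for illustration.

```python
import socket

def build_describe(host: str, port: int, path: str = "/") -> bytes:
    """RTSP DESCRIBE request carrying no Authorization header (RFC 2326 syntax)."""
    return (f"DESCRIBE rtsp://{host}:{port}{path} RTSP/1.0\r\n"
            "CSeq: 1\r\n"
            "Accept: application/sdp\r\n\r\n").encode("ascii")

def classify_rtsp_response(raw: bytes) -> str:
    """Classify a raw RTSP reply: 'exposed' (200 with an SDP body announced),
    'auth_required' (401 challenge) or 'other' (anything else, incl. non-RTSP)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/"):
        return "other"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if parts[1] == "401":
        return "auth_required"
    if parts[1] == "200" and headers.get("content-type", "").lower().startswith("application/sdp"):
        return "exposed"
    return "other"

def probe(host: str, port: int = 8554, timeout: float = 3.0) -> str:
    """Connect to host:port, send the unauthenticated DESCRIBE and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_describe(host, port))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_rtsp_response(data)

# Constructed sample replies (not captured from a real device) for offline use.
SAMPLE_EXPOSED = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
                  b"Content-Type: application/sdp\r\nContent-Length: 27\r\n\r\n"
                  b"v=0\r\nm=video 0 RTP/AVP 96\r\n")
SAMPLE_PROTECTED = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n"
                    b'WWW-Authenticate: Digest realm="camera", nonce="abc"\r\n\r\n')

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))          # e.g. python audit.py 192.0.2.10
    else:
        print(classify_rtsp_response(SAMPLE_EXPOSED), classify_rtsp_response(SAMPLE_PROTECTED))
```

A result of "exposed" on a camera that should require credentials is the condition this advisory describes and is the signal to apply the segmentation and firewall controls below.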
disclosure
Exploit Status
EPSS
0.07% (percentile 22%)
CISA SSVC
Given that a security patch is not expected from the vendor due to the product's End-of-Life status, mitigation strategies should focus on network segmentation and access control. Isolate the IP7137 camera on a separate VLAN with restricted access. Implement firewall rules to block external access to port 8554 and only allow connections from trusted internal IP addresses. Consider disabling the RTSP service entirely if it is not essential. Regularly monitor network traffic for suspicious activity. Since a patch is unavailable, a rollback to a previous firmware version is not possible. Carefully evaluate the risks associated with continuing to use this device and consider replacing it with a supported model.
Since the product has reached End-of-Life and no update is expected, the only remedy is to stop using the camera or to isolate it in a segmented network with no Internet access in order to reduce the risk of unauthorized access to the video stream. Consider replacing the camera with a newer model that still receives security support.
CVE-2025-66049 is a vulnerability in the Vivotek IP7137 camera (firmware 0200a) allowing unauthorized viewing of live camera footage via RTSP without authentication.
You are affected if you are using a Vivotek IP7137 camera with firmware version 0200a and it is accessible from a network where unauthorized users may be present.
A security patch is not expected due to the product's End-of-Life status. Mitigate by isolating the camera on a separate VLAN, restricting access to port 8554, and considering disabling the RTSP service.
There are currently no reports of active exploitation, but the simplicity of the vulnerability suggests it may be targeted in the future.
The vendor has not released an advisory. Monitor security news sources for updates.