Platform: other
Component: vivotek-ip7137-camera
CVE-2025-66049 describes an information disclosure vulnerability affecting the Vivotek IP7137 camera running firmware version 0200a. This flaw allows unauthorized users with network access to view the camera's live feed without authentication via the RTSP protocol on port 8554, potentially exposing sensitive areas and compromising user privacy. Due to the product reaching its End-of-Life phase, a security patch is not anticipated.
The primary impact of this vulnerability is the unauthorized viewing of live camera footage. An attacker with network access can exploit this flaw to gain visual surveillance of the areas covered by the camera, potentially revealing sensitive information or activities. This could be used for malicious purposes such as theft, vandalism, or stalking. The exposure extends to anyone who can reach the network where the camera is deployed. While no direct data exfiltration is possible through this vulnerability, the visual information obtained could be used in conjunction with other attacks or for reconnaissance purposes. The lack of authentication makes this vulnerability particularly concerning, as it requires minimal effort to exploit.
This vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is likely to be low to medium, reflecting the need for network access to exploit the vulnerability, but the potential impact of unauthorized surveillance is significant. Public proof-of-concept exploits are not currently known, but the simplicity of the vulnerability suggests that they may emerge. The vulnerability was publicly disclosed on 2026-01-09.
Organizations utilizing Vivotek IP7137 cameras in environments where visual surveillance is critical, such as retail stores, schools, or office buildings, are at significant risk. Specifically, deployments where the camera is accessible from untrusted networks or shared hosting environments are particularly vulnerable. Legacy installations that have not been regularly updated or secured are also at increased risk.
• windows / supply-chain: Monitor network traffic for connections to the IP7137 camera on port 8554.
• linux / server: Use ss -tulnp | grep 8554 to identify any local process listening on port 8554.
• generic web: Use curl -v rtsp://<camera_ip>:8554/ (the rtsp:// scheme is required; without it curl speaks HTTP to the port) to check whether the camera answers RTSP requests without authentication.
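The same check as the curl line above, written out as an added example that is not part of the advisory: it opens a plain RTSP session to a camera you administer, sends one unauthenticated DESCRIBE, and reports whether the camera demanded credentials (401) or handed out the stream description without authentication (200), which is the condition the advisory describes. Port 8554 comes from the advisory; the stream path "/" and the function names are assumptions.

```python
import socket

def build_describe(host: str, port: int, path: str = "/", cseq: int = 1) -> bytes:
    """Build one RTSP/1.0 DESCRIBE request with no credentials attached."""
    url = f"rtsp://{host}:{port}{path}"
    return (
        f"DESCRIBE {url} RTSP/1.0\r\n"
        f"CSeq: {cseq}\r\n"
        "Accept: application/sdp\r\n"
        "User-Agent: rtsp-auth-audit\r\n\r\n"
    ).encode()

def classify_rtsp_reply(raw: bytes) -> str:
    """Map the status line of an RTSP reply to an audit verdict."""
    line = raw.split(b"\r\n", 1)[0].decode(errors="replace")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/"):
        return "not-rtsp"          # e.g. an HTTP service or garbage on the port
    try:
        status = int(parts[1])
    except ValueError:
        return "not-rtsp"
    if status == 200:
        return "unauthenticated-stream"   # SDP returned: stream exposed
    if status == 401:
        return "auth-required"            # camera asked for credentials
    if status == 404:
        return "path-not-found"           # wrong stream path, retry with vendor path
    return f"other-{status}"

def audit_camera(host: str, port: int = 8554, path: str = "/",
                 timeout: float = 5.0) -> str:
    """Connect to the camera, send DESCRIBE once, and return the verdict."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(build_describe(host, port, path))
            raw = s.recv(4096)           # status line arrives in the first segment
    except OSError as e:
        return f"unreachable ({e})"
    return classify_rtsp_reply(raw)

if __name__ == "__main__":
    import sys
    # usage: python rtsp_audit.py <camera_ip> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8554
    print(audit_camera(sys.argv[1], port))
```

A verdict of unauthenticated-stream on an IP7137 is the exposure this advisory describes and should trigger the network isolation steps below.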
EPSS: 0.07% (22nd percentile)
Given that a security patch is not expected from the vendor due to the product's End-of-Life status, mitigation strategies should focus on network segmentation and access control. Isolate the IP7137 camera on a separate VLAN with restricted access. Implement firewall rules to block external access to port 8554 and only allow connections from trusted internal IP addresses. Consider disabling the RTSP service entirely if it is not essential. Regularly monitor network traffic for suspicious activity. Since a patch is unavailable, a rollback to a previous firmware version is not possible. Carefully evaluate the risks associated with continuing to use this device and consider replacing it with a supported model.
Since the product has reached the end of its life and no update is expected, the only remedy is to stop using the camera or to isolate it in a segmented network without internet access, to limit the risk of unauthorized access to the video stream. Consider replacing the camera with a newer model that has current security support.
CVE-2025-66049 is a vulnerability in the Vivotek IP7137 camera (firmware 0200a) allowing unauthorized viewing of live camera footage via RTSP without authentication.
You are affected if you are using a Vivotek IP7137 camera with firmware version 0200a and it is accessible from a network where unauthorized users may be present.
A security patch is not expected due to the product's End-of-Life status. Mitigate by isolating the camera on a separate VLAN, restricting access to port 8554, and considering disabling the RTSP service.
There are currently no reports of active exploitation, but the simplicity of the vulnerability suggests it may be targeted in the future.
The vendor has not released an advisory. Monitor security news sources for updates.