Platform: other
Component: vivotek-ip7137-camera
CVE-2025-66049 describes an information disclosure vulnerability affecting the Vivotek IP7137 camera running firmware version 0200a. This flaw allows unauthorized users with network access to view the camera's live feed without authentication via the RTSP protocol on port 8554, potentially exposing sensitive areas and compromising user privacy. Due to the product reaching its End-of-Life phase, a security patch is not anticipated.
The primary impact of this vulnerability is the unauthorized viewing of live camera footage. An attacker with network access can exploit this flaw to gain visual surveillance of areas covered by the camera, potentially revealing sensitive information or activities. This could be used for malicious purposes such as theft, vandalism, or stalking. The blast radius extends to anyone who could access the network where the camera is deployed. While no direct data exfiltration is possible through this vulnerability, the visual information obtained could be used in conjunction with other attacks or for reconnaissance purposes. The lack of authentication makes this vulnerability particularly concerning, as it requires minimal effort to exploit.
This vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is likely to be low to medium, reflecting the need for network access to exploit the vulnerability, but the potential impact of unauthorized surveillance is significant. Public proof-of-concept exploits are not currently known, but the simplicity of the vulnerability suggests that they may emerge. The vulnerability was publicly disclosed on 2026-01-09.
Organizations utilizing Vivotek IP7137 cameras in environments where visual surveillance is critical, such as retail stores, schools, or office buildings, are at significant risk. Specifically, deployments where the camera is accessible from untrusted networks or shared hosting environments are particularly vulnerable. Legacy installations that have not been regularly updated or secured are also at increased risk.
• windows / supply-chain: Monitor network traffic for connections to the IP7137 camera on port 8554.
• linux / server: Use ss -tulnp | grep 8554 to identify processes listening on port 8554.
• generic web: Use curl -v rtsp://<camera_ip>:8554/ (curl sends an RTSP OPTIONS request for rtsp:// URLs) to check whether the RTSP service answers without requiring authentication.
Exploit status: disclosure
EPSS: 0.07% (22nd percentile)
CISA SSVC:
Given that a security patch is not expected from the vendor due to the product's End-of-Life status, mitigation strategies should focus on network segmentation and access control. Isolate the IP7137 camera on a separate VLAN with restricted access. Implement firewall rules to block external access to port 8554 and only allow connections from trusted internal IP addresses. Consider disabling the RTSP service entirely if it is not essential. Regularly monitor network traffic for suspicious activity. Since a patch is unavailable, a rollback to a previous firmware version is not possible. Carefully evaluate the risks associated with continuing to use this device and consider replacing it with a supported model.
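The monitoring and firewall advice above can be made concrete. The following Python script is an added example written for this page, not code from Vivotek or from the advisory's author. It assumes a constructed, whitespace-separated flow log format (timestamp, source IP, source port, destination IP, destination port, protocol), a hypothetical trusted management subnet 10.50.0.0/24 and a hypothetical camera address 10.50.7.20; all sample records are constructed. It flags any connection to port 8554 from outside the trusted subnet and emits an nftables ruleset that allows RTSP only from that subnet and drops everything else, which is the segmentation step the text recommends.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

RTSP_PORT = 8554  # port named in the advisory

# Assumption for this example: the only subnet that should reach the camera.
TRUSTED_NETS = [ipaddress.ip_network("10.50.0.0/24")]
# Assumption for this example: address of the IP7137 on the camera VLAN.
CAMERA_IP = "10.50.7.20"

# Constructed sample flow records (not real traffic):
# "timestamp src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2026-01-10T08:00:01Z 10.50.0.12 51234 10.50.7.20 8554 tcp
2026-01-10T08:00:05Z 10.50.0.12 51240 10.50.7.20 80 tcp
2026-01-10T08:01:17Z 192.168.4.33 40022 10.50.7.20 8554 tcp
2026-01-10T08:02:40Z 10.50.0.99 55001 10.50.7.20 8554 tcp
2026-01-10T08:03:02Z 203.0.113.7 60123 10.50.7.20 8554 tcp
this line is deliberately malformed
"""


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reason: str


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one constructed flow record; return None for malformed input."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, proto = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return Flow(ts, src, dst, int(dport), proto.lower())
    except ValueError:
        return None


def is_trusted(ip: str, trusted_nets=TRUSTED_NETS) -> bool:
    """True when the address falls inside one of the trusted subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in trusted_nets)


def detect_rtsp_exposure(flow_text: str, camera_ip: str = CAMERA_IP,
                         trusted_nets=TRUSTED_NETS) -> List[Alert]:
    """Return an alert for every TCP connection to the camera's RTSP port
    that did not originate from a trusted subnet. Malformed lines are skipped."""
    alerts = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        if flow.dst != camera_ip or flow.dport != RTSP_PORT or flow.proto != "tcp":
            continue
        if not is_trusted(flow.src, trusted_nets):
            alerts.append(Alert(flow.ts, flow.src, flow.dst,
                                f"RTSP/{RTSP_PORT} access from untrusted source"))
    return alerts


def nft_rules(camera_ip: str = CAMERA_IP, trusted_nets=TRUSTED_NETS) -> str:
    """Render an nftables ruleset that permits RTSP to the camera only from the
    trusted subnets and drops every other attempt (illustrative policy)."""
    allowed = ", ".join(str(n) for n in trusted_nets)
    return (
        "table inet camera_guard {\n"
        "  chain forward {\n"
        "    type filter hook forward priority 0; policy accept;\n"
        f"    ip saddr {{ {allowed} }} ip daddr {camera_ip} tcp dport {RTSP_PORT} accept\n"
        f"    ip daddr {camera_ip} tcp dport {RTSP_PORT} drop\n"
        "  }\n"
        "}\n"
    )


if __name__ == "__main__":
    for a in detect_rtsp_exposure(SAMPLE_FLOWS):
        print(f"{a.ts} {a.src} -> {a.dst}: {a.reason}")
    print(nft_rules())
```

Run against a real export, feed the flow records in the same field order or adapt parse_flow to the collector's format; the ruleset text can be loaded with `nft -f` after reviewing the addresses, and applying it on the segment gateway (rather than on the camera, which cannot be patched) is the point of the VLAN-plus-firewall mitigation.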
Since the product has reached End-of-Life and no update is expected, the only remedy is to stop using the camera or to isolate it on a segmented network without internet access, so as to mitigate the risk of unauthorized access to the video stream. Consider replacing the camera with a newer model that still receives security support.
CVE-2025-66049 is a vulnerability in the Vivotek IP7137 camera (firmware 0200a) allowing unauthorized viewing of live camera footage via RTSP without authentication.
You are affected if you are using a Vivotek IP7137 camera with firmware version 0200a and it is accessible from a network where unauthorized users may be present.
A security patch is not expected due to the product's End-of-Life status. Mitigate by isolating the camera on a separate VLAN, restricting access to port 8554, and considering disabling the RTSP service.
There are currently no reports of active exploitation, but the simplicity of the vulnerability suggests it may be targeted in the future.
The vendor has not released an advisory. Monitor security news sources for updates.