Lack of Authentication for RTSP stream_CVE-2025-9983

7.1 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior.

The vendor did not respond in any way. Only version 11.100001.01.28 was tested, other versions might also be vulnerable.

Basic Information

ID CVE-2025-9983

Source CERT-PL

Published Sep 22, 2025 at 11:06

Modified Sep 22, 2025 at 11:42

Affected Product

Vendor GALAYOU

Product G2

Version 11.100001.01.28

Affected Versions GALAYOU G2 11.100001.01.28

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior.\n\nThe vendor did not respond in any way. Only version\u00a011.100001.01.28 was tested, other versions might also be vulnerable.",
    "published": "2025-09-22T11:06:54.268Z",
    "modified": "2025-09-22T11:42:40.921Z",
    "type": "cve",
    "title": "Lack of Authentication for RTSP stream",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2025/09/CVE-2025-9983\nhttps://www.galayou-store.com/g2",
    "id": "CVE-2025-9983",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "GALAYOU G2 11.100001.01.28",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "G2",
    "version": "11.100001.01.28",
    "vendor": "GALAYOU",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}