
Description

GALAYOU G2 cameras stream video output via RTSP streams. By default, these streams are protected by randomly generated credentials. However, these credentials are not required to access the stream, and changing these values does not change the camera's behavior. The vendor did not respond in any way. Only version 11.100001.01.28 was tested; other versions might also be vulnerable.

PUBLISHED Reserved 2025-09-04 | Published 2025-09-22 | Updated 2025-09-22 | Assigner CERT-PL




HIGH: 7.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

11.100001.01.28 (semver)
affected

Credits

Szymon Paszun finder

References

cert.pl/en/posts/2025/09/CVE-2025-9983 third-party-advisory

www.galayou-store.com/g2 product

cve.org (CVE-2025-9983)

nvd.nist.gov (CVE-2025-9983)
