CVE-2024-51362: n/a
CVE-2024-51362 is an information disclosure vulnerability affecting the LSC Smart Connect Indoor IP Camera V7. 6. 32. The camera's RTSP service on port 8554 allows unauthenticated access to live video streams, enabling attackers with network access to view footage without credentials. This flaw compromises user privacy and security by exposing sensitive video feeds. Exploitation requires no user interaction and can be performed remotely over the network. The vulnerability has a CVSS score of 6. 5, indicating medium severity. No known exploits are currently reported in the wild. The issue stems from missing authentication controls on the RTSP protocol implementation (CWE-306).
AI Analysis
Technical Summary
The vulnerability identified as CVE-2024-51362 affects the LSC Smart Connect Indoor IP Camera version 7.6.32. It involves an information disclosure flaw where the Real Time Streaming Protocol (RTSP) service running on port 8554 does not enforce authentication, allowing any network-connected attacker to access live camera footage without credentials. RTSP is commonly used for streaming media, and in this case, the camera exposes its video feed openly. The lack of authentication (CWE-306) means that confidentiality is directly compromised, as unauthorized users can view sensitive video streams. The vulnerability requires network access but no privileges or user interaction, making it relatively easy to exploit within the same network or via exposed network segments. The CVSS 3.1 base score is 6.5 (medium), reflecting high confidentiality impact but no impact on integrity or availability. No patches or fixes have been published yet, and no known exploits have been observed in the wild. This vulnerability poses a significant privacy risk, especially in environments where these cameras monitor sensitive areas. The issue highlights the importance of proper authentication controls on networked IoT devices, particularly those handling sensitive data streams.
Potential Impact
The primary impact of this vulnerability is the unauthorized disclosure of live video feeds, which can lead to severe privacy violations for individuals and organizations. Attackers can surveil sensitive areas, gather intelligence, or conduct reconnaissance without detection. This can result in reputational damage, regulatory non-compliance (especially under privacy laws like GDPR), and potential physical security risks. Since the vulnerability does not affect integrity or availability, it does not allow attackers to manipulate video streams or disrupt camera operation, but the confidentiality breach alone is significant. Organizations relying on these cameras for security monitoring may have their surveillance compromised, undermining trust in their security infrastructure. The ease of exploitation without authentication and user interaction increases the likelihood of opportunistic attacks, especially in environments with exposed or poorly segmented networks.
Mitigation Recommendations
1. Immediately restrict network access to the RTSP port (8554) by implementing firewall rules that limit connections to trusted IP addresses or internal networks only. 2. Segment the network to isolate IoT devices like IP cameras from general user and internet-facing networks to reduce exposure. 3. Monitor network traffic for unusual or unauthorized RTSP connection attempts to detect potential exploitation. 4. Disable RTSP streaming if not required or replace it with a more secure streaming protocol that enforces authentication. 5. Regularly audit and update camera firmware; although no patch is currently available, stay alert for vendor updates addressing this vulnerability. 6. Consider deploying network intrusion detection/prevention systems (IDS/IPS) with signatures for unauthorized RTSP access. 7. Educate staff on the risks of exposed IoT devices and enforce strong network security policies. 8. If possible, configure the camera or network equipment to require authentication for RTSP streams, even if this requires custom configuration or vendor support.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil
CVE-2024-51362: n/a
Description
CVE-2024-51362 is an information disclosure vulnerability affecting the LSC Smart Connect Indoor IP Camera V7. 6. 32. The camera's RTSP service on port 8554 allows unauthenticated access to live video streams, enabling attackers with network access to view footage without credentials. This flaw compromises user privacy and security by exposing sensitive video feeds. Exploitation requires no user interaction and can be performed remotely over the network. The vulnerability has a CVSS score of 6. 5, indicating medium severity. No known exploits are currently reported in the wild. The issue stems from missing authentication controls on the RTSP protocol implementation (CWE-306).
AI-Powered Analysis
Technical Analysis
The vulnerability identified as CVE-2024-51362 affects the LSC Smart Connect Indoor IP Camera version 7.6.32. It involves an information disclosure flaw where the Real Time Streaming Protocol (RTSP) service running on port 8554 does not enforce authentication, allowing any network-connected attacker to access live camera footage without credentials. RTSP is commonly used for streaming media, and in this case, the camera exposes its video feed openly. The lack of authentication (CWE-306) means that confidentiality is directly compromised, as unauthorized users can view sensitive video streams. The vulnerability requires network access but no privileges or user interaction, making it relatively easy to exploit within the same network or via exposed network segments. The CVSS 3.1 base score is 6.5 (medium), reflecting high confidentiality impact but no impact on integrity or availability. No patches or fixes have been published yet, and no known exploits have been observed in the wild. This vulnerability poses a significant privacy risk, especially in environments where these cameras monitor sensitive areas. The issue highlights the importance of proper authentication controls on networked IoT devices, particularly those handling sensitive data streams.
Potential Impact
The primary impact of this vulnerability is the unauthorized disclosure of live video feeds, which can lead to severe privacy violations for individuals and organizations. Attackers can surveil sensitive areas, gather intelligence, or conduct reconnaissance without detection. This can result in reputational damage, regulatory non-compliance (especially under privacy laws like GDPR), and potential physical security risks. Since the vulnerability does not affect integrity or availability, it does not allow attackers to manipulate video streams or disrupt camera operation, but the confidentiality breach alone is significant. Organizations relying on these cameras for security monitoring may have their surveillance compromised, undermining trust in their security infrastructure. The ease of exploitation without authentication and user interaction increases the likelihood of opportunistic attacks, especially in environments with exposed or poorly segmented networks.
Mitigation Recommendations
1. Immediately restrict network access to the RTSP port (8554) by implementing firewall rules that limit connections to trusted IP addresses or internal networks only. 2. Segment the network to isolate IoT devices like IP cameras from general user and internet-facing networks to reduce exposure. 3. Monitor network traffic for unusual or unauthorized RTSP connection attempts to detect potential exploitation. 4. Disable RTSP streaming if not required or replace it with a more secure streaming protocol that enforces authentication. 5. Regularly audit and update camera firmware; although no patch is currently available, stay alert for vendor updates addressing this vulnerability. 6. Consider deploying network intrusion detection/prevention systems (IDS/IPS) with signatures for unauthorized RTSP access. 7. Educate staff on the risks of exposed IoT devices and enforce strong network security policies. 8. If possible, configure the camera or network equipment to require authentication for RTSP streams, even if this requires custom configuration or vendor support.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-10-28T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6bb1b7ef31ef0b55a1d9
Added to database: 2/25/2026, 9:37:53 PM
Last enriched: 2/26/2026, 1:29:53 AM
Last updated: 2/26/2026, 7:59:40 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighFinding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
MediumCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.