Ningyuanda TC155 IP Camera RTSP Service Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Ningyuanda TC155 IP camera, specifically in the RTSP service component of the firmware version 57.0.2.0. This vulnerability allows an attacker on the same local network to send a malformed RTSP DESCRIBE request, which causes the camera to enter a fault state and automatically reboot. This exploitation leads to a temporary loss of the live video feed, creating a repeatable denial-of-service condition.

Impact

Exploitation of this vulnerability causes a temporary loss of the live video feed, as the camera reboots after processing the malformed RTSP request. This disruption creates a repeatable denial-of-service condition.

Reproduction

To reproduce this vulnerability, connect to the same local area network as the TC155 IP camera. Use a network scanning tool to identify the camera's IP address and confirm that the RTSP service is running on port 554. Once the camera's IP is identified and the RTSP service is confirmed, send a malformed RTSP DESCRIBE request using a tool like netcat. The camera will process the request, leading to a freeze in the video feed, followed by an audible click and an automatic reboot.