CVE-2021-40379
Description
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rtsp://.../medias2 does not require authorization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Compro IP cameras expose unauthenticated RTSP video streams via the `/medias2` endpoint.
Vulnerability
Several Compro IP camera models, including IP70 (firmware 2.08_7130218), IP570 (firmware 2.08_7130520), IP60, and TN540, ship with an RTSP stream endpoint at rtsp://.../medias2 that does not require any authorization [1].
Exploitation
An attacker who can reach the camera over the network can simply connect to the camera's RTSP service using a media player or tool like VLC and request the /medias2 path; no credentials or session are needed [1]. The default RTSP port (554) is typically used.
Impact
Successful exploitation allows an attacker to view the live video feed from the camera without authentication [1]. This compromises the confidentiality of the video surveillance data; the attacker gains the same level of video access as an authorized user, without any account privileges.
Mitigation
As of the published advisory, no firmware update or vendor patch has been specified [1]. The affected models may be end-of-life; users should isolate affected cameras from untrusted networks (e.g., place them behind a firewall, restrict RTSP access) or upgrade to newer, supported camera models if available.
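To confirm whether a camera you administer still serves `/medias2` without credentials, or that a firewall rule now blocks RTSP from a given network segment, the following added example (not from the advisory or the vendor) sends one RTSP DESCRIBE with no Authorization header and classifies the reply. The function names, result labels and sample replies are constructed for illustration.

```python
import socket

RTSP_PORT = 554  # default RTSP port mentioned in the text above
# Constructed sample replies (not captured from a real device).
SAMPLE_OPEN = b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: application/sdp\r\n\r\nv=0\r\n"
SAMPLE_LOCKED = b'RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\nWWW-Authenticate: Basic realm="cam"\r\n\r\n'


def build_describe(host, port=RTSP_PORT, path="/medias2"):
    """Build an RTSP DESCRIBE request that carries no Authorization header."""
    return (
        f"DESCRIBE rtsp://{host}:{port}{path} RTSP/1.0\r\n"
        "CSeq: 1\r\n"
        "Accept: application/sdp\r\n"
        "\r\n"
    ).encode("ascii")


def classify_response(raw):
    """Map a raw RTSP reply to 'exposed', 'auth-required' or 'inconclusive'."""
    head = raw.decode("latin-1", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/") or not parts[1].isdigit():
        return "inconclusive"  # empty or non-RTSP reply
    status = int(parts[1])
    header_names = {ln.partition(":")[0].strip().lower() for ln in lines[1:]}
    if status == 200:
        return "exposed"  # stream description served without credentials
    if status == 401 and "www-authenticate" in header_names:
        return "auth-required"  # server challenged the anonymous request
    return "inconclusive"


def check_camera(host, port=RTSP_PORT, timeout=5.0):
    """Probe a camera you administer; 'unreachable' means filtered or closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_describe(host, port))
            return classify_response(sock.recv(4096))
    except OSError:  # refused, timed out, or no route
        return "unreachable"
```

Run `check_camera` from each network segment that should not reach the camera: `unreachable` shows the isolation is in effect, while `exposed` shows the stream is still served without credentials from that segment.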
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (5)
- Compro/IP70 device
Patches (0)
No patches discovered yet.
References (2)