Full Report
Missing Authentication for Critical Function vulnerability (CVE-2025-9983) has been found in GALAYOU G2 software.
Analysis Summary
# Vulnerability: Missing Authentication for RTSP Streams in GALAYOU G2
## CVE Details
- CVE ID: CVE-2025-9983
- CVSS Score: Not explicitly provided, but the nature suggests High severity.
- CWE: CWE-306 (Missing Authentication for Critical Function)
## Affected Systems
- Products: GALAYOU G2 cameras
- Versions: 11.100001.01.28 (Other versions might also be affected)
- Configurations: Affects access to RTSP video streams.
## Vulnerability Description
The GALAYOU G2 software fails to properly enforce authentication for critical functions, specifically the RTSP video stream output. Although the system generates random credentials for these streams by default, these credentials are not required for accessing the stream. Modifying the configured credentials has no effect on access controls.
## Exploitation
- Status: Not explicitly stated as exploited in the wild. Status is generally assumed to be **PoC available** given the specific technical detail provided, though not confirmed as public PoC.
- Complexity: Likely **Low**, as authentication is entirely bypassed.
- Attack Vector: **Network** (to access the RTSP stream).
## Impact
- Confidentiality: **High** (Unauthorized access to video feeds).
- Integrity: **Low/None** (Primarily focused on information disclosure).
- Availability: **Low/None** (The stream remains available).
## Remediation
### Patches
- **None Available.** The vendor (GALAYOU) did not respond to coordination efforts regarding this vulnerability.
### Workarounds
- Implement network-level access controls (ACLs) to restrict access to the RTSP port(s) used by the GALAYOU G2 cameras, limiting connections only to trusted internal management systems or subnets.
## Detection
- **Indicators of Compromise:** Unauthenticated connections attempting to initiate RTSP streams from the device.
- **Detection methods and tools:** Network monitoring to detect unauthorized TCP connections targeting the RTSP port (commonly port 554) directed at the affected devices. Security scanners configured to test for unauthenticated RTSP access.
## References
- Vendor advisories: None available (Vendor did not respond).
- Relevant links - defanged:
- hxxps://incydent.cert.pl/#!/lang=en
- hxxps://www.cve.org/CVERecord?id=CVE-2025-9983
- hxxps://cert.pl/en/cvd/