# Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access  
# Date: 19th July 2022  
# Exploit Author: dsclee1  
# Vendor Homepage:  
# Software Link:  
# Version: 1.3.0  
# Tested on: Linux – running on camera  
# CVE : CVE-2022-37255  
These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately if you don’t set up the user details on versions 1.3.0 and below there are default login details. I sourced these from the “cet” binary on the camera.  
You can gain unauthorised access to the RTSP stream using the following user details:  
User: ---  
Password: TPL075526460603