Service: RTSP
Protocol: TCP/UDP
Port: 554
Used for: Port 554 is used by RTSP to control live video and audio streams, commonly in IP cameras, DVRs, and surveillance systems.
Why It’s Open
Port 554 is the default port used by RTSP (Real-Time Streaming Protocol), a protocol designed for controlling streaming media servers. RTSP allows clients to remotely control video streams — playing, pausing, or recording live feeds — without actually transporting the content itself (which is typically done over RTP/RTCP). It’s widely used in IP cameras, CCTV/DVR systems, NVRs, media servers, and surveillance equipment for live video streaming and remote monitoring.
This port is typically open on network-connected cameras, video recorders, smart doorbells, and various surveillance products. RTSP runs over both TCP and UDP, though TCP is more common for direct control and setup of streaming sessions.
Common Risks
- Unauthenticated Video Streams
  Many RTSP implementations lack authentication or use default credentials, allowing anyone to view live camera feeds.
- Information Disclosure
  RTSP banners and responses can reveal firmware versions, camera model info, and network paths.
- Sensitive Surveillance Exposure
  Publicly exposed RTSP streams may leak sensitive visuals from private facilities, homes, or critical infrastructure.
- Exploitable Vulnerabilities
  Many older RTSP services are vulnerable to buffer overflows, path traversal, and authentication bypasses.
- Used in Botnets
  Insecure IP cameras with RTSP have been historically targeted and recruited into IoT botnets (e.g., Mirai variants).

Enumeration & Testing
Check if it’s open:
nmap -sT -p 554 <ip>
nmap -sU -p 554 <ip>
Grab RTSP banner:
echo -ne "OPTIONS rtsp://<ip>:554/ RTSP/1.0\r\nCSeq: 1\r\n\r\n" | nc <ip> 554
Use RTSP inspection tools:
- VLC Media Player – open stream with rtsp://<ip>:554/
- rtsp-scan.py or rtsp-check.py for enumeration of open streams
- Wireshark filter: tcp.port == 554 or rtsp
What to Look For
| Checkpoint | What it means |
|---|---|
| Port 554 open externally | RTSP service is exposed to the internet (should not be) |
| No authentication required | Anyone can access the video stream |
| Default credentials in use | Devices may be trivially compromised |
| Version info in headers | Can aid fingerprinting and targeted exploitation |
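The checkpoints in the table can be applied mechanically to responses collected from devices you are responsible for. The following is an added example, not part of the original page: it parses raw RTSP responses and flags missing authentication and version disclosure. The sample responses, the `ExampleCam` server string and the finding labels are constructed for illustration, and the Basic-only check goes beyond the table.

```python
# Constructed sample responses (not captured from any real device).
SAMPLES = {
    "options": b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nServer: ExampleCam/2.4.1\r\n"
               b"Public: OPTIONS, DESCRIBE, SETUP, PLAY\r\n\r\n",
    "describe_open": b"RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: application/sdp\r\n\r\n",
    "describe_basic": b"RTSP/1.0 401 Unauthorized\r\nCSeq: 2\r\n"
                      b"WWW-Authenticate: Basic realm=\"cam\"\r\n\r\n",
    "describe_digest": b"RTSP/1.0 401 Unauthorized\r\nCSeq: 2\r\n"
                       b"WWW-Authenticate: Digest realm=\"cam\", nonce=\"abc123\"\r\n\r\n",
}

def parse_response(raw):
    """Return (status_code, headers) from a raw RTSP/1.0 response."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/") or not parts[1].isdigit():
        raise ValueError("not an RTSP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive; a header may repeat
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers

def audit(method, raw):
    """Map one response to an unauthenticated request onto the checkpoints."""
    status, headers = parse_response(raw)
    findings = []
    # OPTIONS is often answered without credentials even on protected
    # servers, so only DESCRIBE is used to judge stream access.
    if method == "DESCRIBE":
        if status == 200:
            findings.append("no-auth")
        elif status == 401:
            schemes = {v.split()[0].lower()
                       for v in headers.get("www-authenticate", []) if v}
            # Basic over plain RTSP sends the password base64-encoded, not encrypted.
            if schemes and "digest" not in schemes:
                findings.append("basic-auth-only")
    # Heuristic: a digit in the Server header is treated as a version string.
    if any(any(c.isdigit() for c in v) for v in headers.get("server", [])):
        findings.append("version-disclosure")
    return findings

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        method = "OPTIONS" if name == "options" else "DESCRIBE"
        print(name, audit(method, raw))
```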
Mitigation
- Restrict Access to Port 554
  Only allow trusted internal IPs to access RTSP streams.
- Enable Authentication
  Configure strong RTSP credentials and disable anonymous access.
- Change Default Passwords
  Replace vendor defaults immediately on all IP cameras and DVRs.
- Keep Firmware Up to Date
  Many RTSP vulnerabilities stem from outdated, unpatched firmware.
- Segment Surveillance Devices
  Isolate cameras/NVRs on a separate VLAN from the corporate network.
- Use Encrypted Alternatives (if supported)
  Some systems support RTSPS (RTSP over TLS) — prefer it when available.
Known CVEs and Exploits
- CVE-2020-25078 – RTSP buffer overflow in AVTECH DVR firmware.
- CVE-2018-9995 – DVR devices with RTSP interface authentication bypass.
- CVE-2017-8225 – RTSP stack overflow in specific IP camera models.
- RTSP Exploit PoC – Exploit-DB 42675 – Unauthenticated RTSP stream access.