In case anyone owns this cam, I've not seen much info about it, and I'm trying to hack a little bit into it.
FCC ID: 2AT5D-ZS-GX5
It's based on CloudEdge app and operation is 100% limited to it by default
I'm not certain how it operates, but it seems to have a very low-power port open for messaging (because pings at very low distance from AP are extremely high, like 1s+) and then it seems to use a bunch of ports for multimedia streaming
After running NMAP I've found that all these ports could be candidates for this operation
I'm going to try now to intercept traffic via Wireshark and reverse engineer CloudEdge app to see if I find some certificate or something.
What I hate most about this cam and the Cloud Edge operation is the fact that the cam is accessible only online, not localhost, which for me is a huge security flaw.
There was a guy that was able to hack ZS-GX1 although it seems to be some model in common due to the name, not the same cam by any means
github.com
Since this cam had for example RTSP open by default..
If anyone have had experience with this, I would like to hear from you
I will keep commenting my findings, also I have created a repo to document this process: GitHub - SirLouen/zs-gx1s
FCC ID: 2AT5D-ZS-GX5
It's based on CloudEdge app and operation is 100% limited to it by default
I'm not certain how it operates, but it seems to have a very low-power port open for messaging (because pings at very low distance from AP are extremely high, like 1s+) and then it seems to use a bunch of ports for multimedia streaming
After running NMAP I've found that all these ports could be candidates for this operation
Code:
1949/tcp filtered ismaeasdaqlive
5672/tcp filtered amqp
8586/tcp filtered unknown
12751/tcp filtered unknown
18408/tcp filtered unknown
19528/tcp filtered unknown
20215/tcp filtered unknown
20422/tcp filtered unknown
25333/tcp filtered unknown
27589/tcp filtered unknown
28921/tcp filtered unknown
28985/tcp filtered unknown
29593/tcp filtered unknown
32140/tcp filtered unknown
32509/tcp filtered unknown
32955/tcp filtered unknown
33310/tcp filtered unknown
39304/tcp filtered unknown
40827/tcp filtered unknown
44225/tcp filtered unknown
45664/tcp filtered unknown
48760/tcp filtered unknown
50877/tcp filtered unknown
51979/tcp filtered unknown
53059/tcp filtered unknown
53474/tcp filtered unknown
54817/tcp filtered unknown
58625/tcp filtered unknown
62554/tcp filtered unknown
63181/tcp filtered unknown
63288/tcp filtered unknown
65267/tcp filtered unknownI'm going to try now to intercept traffic via Wireshark and reverse engineer CloudEdge app to see if I find some certificate or something.
What I hate most about this cam and the Cloud Edge operation is the fact that the cam is accessible only online, not localhost, which for me is a huge security flaw.
There was a guy that was able to hack ZS-GX1 although it seems to be some model in common due to the name, not the same cam by any means
GitHub - ant-thomas/zsgx1hacks: Hacks for ZS-GX1 IP Camera and various Goke GK7102 based IP Cameras
Hacks for ZS-GX1 IP Camera and various Goke GK7102 based IP Cameras - ant-thomas/zsgx1hacks
github.com
Since this cam had for example RTSP open by default..
If anyone have had experience with this, I would like to hear from you
I will keep commenting my findings, also I have created a repo to document this process: GitHub - SirLouen/zs-gx1s
Last edited:
