Cisco Meraki Unlocks IP Cameras With RTSP Tested

By Sean Patton, Published Jul 06, 2020, 08:51am EDT

Meraki opened up its cameras to 3rd party NVRs/VMSes by offering RTSP streaming because of "the need to solve a business problem".

IPVM Image

We tested 2 Meraki cameras (MV12WE, MV72) with Milestone, and in this report, we examine Meraki's RTSP streaming and share our findings on:

  • What is the best use case of Meraki RTSP are?
  • What limitations does this have?
  • How this impacts Meraki's competitive positioning vs Verkada?
  • How does Meraki RTSP perform?
  • How is it configured?
  • What Meraki cameras are supported?

Executive *******

***** ** ****** **** technically (****** *** *********** of ****, * ****** video ********* ********) *** it ***** ****** ***** connect ***** ***** **** 3rd ***** *******, ** would ** ***** ** use **** ** * way ** *********** ******* away **** ****** ** video.

*******, ****** **** **** was '*** * ****** option' *** *********, ******* that **** *** ***** eventually ** ******* ******* a ************ *** **** one ***** *** ** able ** **** ****** configuration ******* ******* ***.

****** **** ********* ********* solidly ** *** *****, streaming ** ********* ******** without ******. ************** *** configuration ** *** ******* and ********* **** **** than * *******. *******, using **** (****) ***** Meraki's **-***** ****** *** vehicle *********, ***** ** negative.

** ******** ************* ***** latency (*-* *******) **** the **** ****** ****** direct *** ********* ** the ****** ********* (*-* seconds), *** ****** ****** streaming (*-* *******). ******* the **** ****** ** only ********* ** *** local *******, ******** ****** traffic ********* *************.

***** *** ****** ************ was *******, ** **** able ** ******* *** Meraki *******, **** **** streams, ********* ****, *** adjust ****** ********. ****** said **** *** *** to** ******** ***** ****** offered ******* ** ***********. ****** ********* **** the ****** **** ******** to ****** **** **** even **** ******* ********.

Best *** **** - ********** *** ***** ******* ** *****

*** **** *** **** for **** *** ******* is ********** ***** ****** but ********** ** *** party *******, *.*., ***'* existing ****** ******* ** PSIM, ************* *** ***** add ** ***** ********* from *** ******* (*******, Anyvision, ********, ******, ***., etc.).

Verkada ** - ******* *** ***** **** ****-**

****** *******, *** ******* to ******* ***'* ***** to *** ***** ******* is ** ********* ******** to *******'* ***** ****** video. *******, ** ** a ******** *** ******** 3rd ***** ******* *** it ** *** * fully '*****' *** ** migrate ***** **** ****** gives ** ********** **** they ***** *** *** RTSP ********* ** *** does *** ******** ** pay ****.

Meraki **** ********

***** ** * *-****** video ******* *** ******* of ******** ****** **** and *********** ** *********:

Streaming *********** ***** / *** *******

** ***** **** ********* performance ** ** *****, with *** ********** ***** H.264 **** **** ***. Viewing ******* **** ******** browsers *** ********* ******* did *** ***** *** issues.

** ******** ******* *-* seconds ** *******:

** ******** ~* ******* lower ******* ** *** local **** ****** **** direct *** ********* ** the ****** *** ******:

IPVM Image

*** **** **********, **** is ************* ****** ***********, providing **** ****** ** real-time **** **** ***** the ****** *** *********.

****** ************* ********** *** *** ********* uses ***, ***** ******* in ****** ******* ******** to ****:

***** **** ** *** using **** **** ********* (HLS), ***** ** **** is **** ** *** dashboard, *** ***** **** be ************* *******. ******** RTSP **** *** ****** the ********* ***** *** video *********.

Minimal ************* - ** ******** *********

**** ********* ** ******* per ****** *** ** a ****** "***/**" ****** in ****** ********, ***** cannot ** ********* ** a ****/*****-****** *************:

IPVM Image

***** ** ** *****/******** required ** ********* *** viewing *** **** ******, which ** * ************ privacy *******, ********* **** access ** ***** ******* without ***** ** ********.

****** **** **** **** should ** **** *** basic *** ****** ***** integrations:

** ** **** **** to ****** **** ** a *** ***** ** simple *** **** *** customers. ******** *** *** have * ******** *** password, **** ** *********** in ***** **** *** leads ** * ***** sense ** ********. **** is *** ** ***'* offer **** ****** *** specifically **** *** *** issue **** ******* ** a ******.

********** ** ***** **** as * ********* ********** component ** **** ********* with **********, *** *** as *** ******* **** term ************* ******** ** get ***** **** *** camera.

No ****** ** ********* / ****** ******

***** ****** ******* ***** AI-based ****** *** ******* detection, *** **** ****** does *** ******* ***** events ** ****. ** were **** ** *** Milestone's ******-***** ****** *********, however, **** **** ** an ***** *** ****/*** that ** *** ***** it:

IPVM Image

****** ******* **** **** streaming ** ******** *** integrations ** ***** ********* systems, ***** ***** *** use *** ******** ******-***** analytics.

Risk ** ******

*** **** ** ****** is **** *** ********* users * **** ** unlock ***** ******-** ****** and ******* *** ** recurring ************ ******** ** open ******** *******.

*******, ** **** ****** camera ***** **** *** Meraki *** ******** *** WiFi, ****** *** **** that *** ******* **** of ***** ******* ***** ecosystem ** ***.

****** **** **** ** not *** **** ** a "****** ******" *** system ********* **** **** Meraki, *** *********** ********** new ****** ******* ** an ******** ***:

********** ********* **** * license ** ** **** to *** *** ******. We ***** *** ** blocking **** **** *********** in ** ********** *****, but ** * ****** previously, **** ***'* ********* enforced.

**** ** ** *** leave **** ***********, * don't *** **** ** a ****** ****** *** a **** ** ******* VMS ** *** ***** open ******. ** ***'* support ***** *** ** the ******* ** *** camera ***** ** ***********, additionally *** ****** ******* and ***** ****** ************** could ***** ** ******* e.g. ****-***** ***********.

Cameras *********

**** ********* ** ********* for ****** ********** ****** ** camera, ***** *** ****** that *** ** '*', running ** *.* ******** and *****. ** ****** with ** *.* ********.

Comments (20)

**** ** * **** move *** **** - but * ***'* ***** it ********* *** ****-** issue. ** *** **** to *** ****** **** another *** **** ** Milestone (** *******, *****, etc...) ** *** **** time **'* ****. ***** are ********** *** ***** for ****, ** **** is *******, *** * step ** *** ***** direction.

****** *** *** ************* report - **** ***.

**** ***********.

***** ***% *** **** to ******** **** + encryption *** ***-********** *********. Not ****, **** **** and ** ******** ********** from *****.

**** ** ************** ***** they *** ** **** scrap *** *******. ****** anyone **** "**'* ****** a ********", **** ******* most ********** ******* ********* laterally. ******* ***** *****, soft ***** ******. ************* matters *** ***** ********* knows **.

****** ****** **** "**'* behind * ********", **** discuss **** ********** ******* occurring *********.

***, ***'* *******. *** you ***** ** ** any ***** ******* ******* where *** ***** ******* were *** ******?

**** ******** ******** *** not ******** ** *** public. ** *** *** expecting * ****-******* ********** of ****, **** ***** be * *** *****. I ********* **** **** every ****** **** * have **** ******** **** for ******** ******** *** incited ** ********* *** from *** ******** ****** any ******** ***** **** settled **** (******* * publicly-disclosed ***** ** ***).

*** *** ********* **** the **** ****** ** left **** *** ** can *** ***** **** no *** **** **** through **? **** *******, if ******* ***** ******* it - **** *** general ****** **** ******* notification ** **** * breach? ** **, *** are ******* *************** *** sophistication ** *** ****** bad ***** ** **** as *** ********** *** disclosure **** ******* **********. Every ****** * **** been ******** **** *** incident ******** **** *** last ******* ***** *** had * ****** **** incubation ****** ** **** gathering ****** ******** ***** led ** *********.

**** ******** ******** *** not ******** ** *** public. ** *** *** expecting * ****-******* ********** of ****, **** ***** be * *** *****.

***** **, * **** your "***'* ******* **** attacks ********* *********" ** mean *** **** ***** to ******* ******* ***********.

** **** ** ********* NDA ********* ****** ****,

*** ******* ****** **** the ********* ******** *** proceeded ** **** ***** from ** ********* ***** camera. ****, ***** ********* the ******** ***** ****** at *** ****, **** entered *** ********...

** *** ***** ****** like **** ******?

** ** *** ** problem ** ****** *** with ****** ********** ******** of ******* ******* (***** is **** * ******* stated). ***** **** ** all ***** ** ****** and *****. **** ********, I *** **** ***** at ******* *** **** 3389 ** ****** ** web *** **** **** gets *********** *** **** attacks **** *********.

* ***** ********* ***** disclose *** ****** ********** in *** ******** ******* I **** ***** ** the ****. ********* ** non-sanitized, ** ***** ******* me **** **** ********** value ** ****** *** time ** ** **.

* ** ***** ** have ** **** ********** around **** ******* ** leaving *** **** **** when ** ** ** easy ******* ** *****. Not **** *** *** are ********** **** **** is ******.

* **** ****** *********** is ************ ******** ***** as ** **** *** require ******** **********. ** the *** ** *** day - *** ****** is ********** *** ******** security *************** ** *** security ******** **...****, ******. Should *** ************* *** ignore **** ********* ****** the *****? *** **** glaring *** ******* ***** that *** **** *******, the ****** ****** ******* get. ** ****, ******* in ***** *** *** that.

** ** *** ** problem ** ****** ***

*** ****, *** ** you **** ** ******** people ** **** *****, it's ******* ** ********** your ****.

* ** ***** *** bigger ***** ** **** 'physical ********' ************* **** to ********** *** **** of ******** *******, *.*., to **** ***,********* *** ****** ****** w*** ***** ******* ****** to ***** *** ***** passwords *** ********* *******.

****** **** ** ********** with #*, *** ***** want ** *** (*** others ******* ****).

****, ********** ********** **** you *** ****** *** the ******* *** *** about ******* ******* ** I *****. ********** **** would **** **** *********. It *** ******** *********** to ** **** ******** to **** ********** ******** to ******* *************** **** requests ***** ** ********* hyper-specific ** ******* ** a ********** ********. ****** allows *************** **** ****** the ****** ** ** open ****** ** ******* it ** *** ********. Because ** ****, ****** is ***** ** ******* a ***** ***** ********* getting *********** ***** * user ************* ****** *** RTSP **************.

****** *** ********* *** authentication **** ** *************. It ** ********* * feature *** ******** *************.

** *** **** *** not *********** ** *** pigeon-holed ********, * **** happily ********* *** ******* a ******** ** *******-****** related ***********.

** *** ******** *********** to ** **** ******** to **** ********** ******** to ******* *************** **** requests ***** ** ********* hyper-specific ** ******* ** a ********** ********.

*** *** ********* ***** pigeon-holing.

** ***************** ****

*** *** ***** ** to *** ***** ******* attacks ***** *** ***** streams **** *** ******?

***** ** ***** ** general *** **-"*****-********" ** you *** ***.

* ***** ** ** fair ** ***** ** disagree **** :-)

****** * **** *** intending *** ****** ***** to ****** * ******, unauthenticated **** ***** ***** be *******. *** ***'* find ****** ******** ** studies ***** ****** ************ compromising ***** *** ******* in **** ***. ***** is ******* ** "********" or **** ******* ** inviting **** ********* **** your ***** *** **** calling *** ****** *** trespassing. ***'* ***** **** "threat". *** **** ******'* invite *** ********* ** the ***** ***** ** you ****'* **** **** entering.

****** *** * ************** to ********* ***** *********. That *** ******* **** (installed * **** ***** but ** ****).

** ****** ** *** familiar **** *** ******* of ******* ******* **** could ****** * ************ system - * **** educate *** ***. ***** love ** ****** ************ about *** ** *** ways **** ************* ** our ******** ****** ***** threats **** **** ***'* think *** ******. **** are **** ******* *** hoping *** *** **** is *** ********** *** due ********* **** ** owe ***** ** ***** to *******.

****** *** * ************** to ********* ***** *********.

*****, *** *** ******, i ******* **** ***** is ** ********** ****** for ****** *** ** include ** ***** ****** auth ** *** *******. my *********** ***** ** that **** *** ****** unwilling ** ****** **** resources ** * "******" feature, ** **** **** they *** ********* ******** it ** ***** ** not **** * **** robust ********** ********. *** users *** ***** ** demand * ****** **********.

**** ****, **** ******* position **

**** ** ************** ***** they *** ** **** scrap *** *******.

** ** ************, *** several *******.

*) ** ** *** enabled ** *******

*) ** ** ******* documented ** ********

*) *** **** *****, if **** ****, ****** the ********** ******* *** camera *** *** ***, by ***** * ********* VLAN.

*)There ** ** ***** *** ** *** *** ****** ** * *** ***** ***.

** *****, * *** you, ** *** *** 100 ****** ******* **** you *** ** *** not **** ** *******/****** at **** *****, ** you ****** **** **** would ***** *** *******?

*'* *** **** ** how ****-******** **** **, but **** *** **** first ****** ****** **** the "**** ***** ***************" brings **** ***** ** worry *****:*** - ****** *******

*** *** ***** ** to *** ***** ******* attacks ***** *** ***** streams **** *** ******?

* ******* **** *** happened ** *** ******-***** hacking *****. * ****** a ***** (******** ******* Diaries) ***** *** ******'* hackers **** **** ** access * ****** **** of ******* ******'* ******* team. *** ****** **** helped **** ****** *** dismantle *** ***** ****'* operation. [******** ******]

****, * ***** ** concerned ***** ******* **** of ********. ** **** had ** **** * client ***** * ********** who *** ******** * coworker ******* *** ***. If *** **** ** unauthenticated ***** ****, **** becomes * *** ****** to **** ****.

*** **** ******* ** the ***** (**** ******* coundtries ** *** ****** East) ***** ***** ** mandated ** ***** ***********, unless ***** ** **** Onvif *******, **** ***** still *** ** ****** to ** ****** ** a "*******" *** **** still *** ***** *** cameras ** ** ********** "open" ** *** **** of ****.

****** ****** ** *** cameras ** *** ***** NVRs/VMSes ** ******** **** streaming ******* ** "*** need ** ***** * business *******".

** **** ****** ** solve * ******** *******, just **** ****** *** cameras **********. * ***** say *** **** ***** for ********. ******** ******* are *** ********** *** what **** ***. ***** may *** ** *** greatest, *** ** *** is ***** ** ***** time ********** ****** *********** for ******* ******* **** of ***** ***** * can't ******* ***** ** the ***** ****** *** integrators.

* **** ******** ******** and **** * **** used ** ****** ******** I **** *****. *** cloud ***** *** ********** is ****. *** ***** is **** * **** to *** ** ****** of *** *** ****** and ******** ****'* ** my ***** **** *** a ***.

** *** **** ****, these ******* *** ** where ** ****** *** already ******** ** *** system *** ******* **** that **** **** *******. IT ****, ** ******* Ubiquiti ** ****** **** cameras *** * *** manage **** **** *** my ******** *** *******. I *** **** **** are ****** ** **, but ***** ** ***** a *** ******* ******** products *** ******** ** products **** ****** **** may ***** **** *** the **** *****.

**** ** ** **** choice *** ********* * stream *******.

**** ** ** **** choice *** ********* * stream *******.

******. *'* ******* *** a ***** **** **** option :)

** ** **** **** to ****** **** ** a *** ***** ** simple *** **** *** customers. ******** *** *** have * ******** *** password, **** ** *********** in ***** **** *** leads ** * ***** sense ** ********. **** is *** ** ***'* offer **** ****** *** specifically **** *** *** issue **** ******* ** a ******.

*********** **** **** ***'* seem ** ** ***** of ****** ************** *** RTSP (***** *** ** not **** *** ******** as ***** ****), ** tunneling **** **** *****.

**** ** * ******* move *** ****. ***'* wait ** ***** **** integration **** *****/***** ****** Control

**** **** *** *** game *** ***** ********. Hopefully **** **** ***** some ****** ********** ****** with *****-******.

Read this IPVM report for free.

This article is part of IPVM's 6,651 reports, 895 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports