Need extra user for MJPEG with Basic auth!


For the stream/mjpeg auth we absolutely need at least one additional user. Right now only the admin credentials are possible with full editing rights. Instead we need a another read/video only user!

Uncomfortable workaround: Run “cvlc -R” on a server to remove or change the authentication.

So, with “Basic” auth enabled in fw, I am now indeed able to access the URL below directly in a web browser - yeah! :grinning:


The configuraton for stream 1 appears to determine the MJPEG resolution.
Note: The MJPEG stream actually calls https://IP_address/snapshot/view0.html
Be aware: Check if you have set the web UI to https or http.


I really like the the progress I see in the GDS firmware! And Grandstream listens to the customers!

But we really need an option to turn off authentication (come on Grandstream, many users are using this at home! No authentication is ok there) and/or more user accounts.

Right now I cannot link to the pictures/stream because it contains the admin password!

If I can make a wish please add the options of “no authentication” and digest based authentication ( if you cannot add more users - digest could use the admin user and password without exposing it.


And 5 months later, with the latest firmware, we only have one user, the admin, too :-(((

It is a very serious security problem, the two basic functionality (setting up the device and using the device) must be separated by login access. If I give the URL to somebody to view the video stream, I have to give the root rights too? Noway.


Have you tried “Anonymouse” mode in the latest firmware Please upgrade to this version and check out the Release Note:

Please advise whether this works for you. Thank you for using GDS3710.


Yes I tried, but it only works for some browsers, mostly MSIE (who the earth uses MSIE? brrr… :-)) and uses the outdated OCX technology instead of HTML5. I need a http or rtsp (mjpeg) stream, with no ‘root’ access. I’d like to use it in VLC (or other video app), or “IPCam Viewer Basic” on Android.


Got the complains already, will address this in next firmware release (
Please keep tuned. Thanks!

Basic authentication 'plain' URLs for snapshot & stream?

So, been playing with this for a bit because I need to have a webpage display the stream. The key part here is if you get the cookies upon successful login, you can copy them to any other browsers, no login needed, YES you need to make sure the cookies EXPIRY are set to a long time away (ex: 2099) then just go to the https://ip_addr/jpeg/mjpeg.html and it will auto-login and start! Here is some more stuff I learned using the mjpeg.html/mjpeg.js files…

  1. get ChallangeCode



    <?xml version="1.0" encoding="UTF-8" ?> 0 b62006e5bd1b6fe3737bec5456ad41d0 OK
  2. Calculate MD5 with Challenge Code returned above
    MD5( ChallengeCode:GDS3710lZpRsFzCbM:password )
    Example MD5( b62006e5bd1b6fe3737bec5456ad41d0:GDS3710lZpRsFzCbM:LSPBQut8 )

    Header of If-Modified-Since=0       
    <?xml version="1.0" encoding="UTF-8" ?>

After this it will load up


New user here, is it still not possible to use the MJPEG stream with additional user credentials (to avoid ‘root’ or Anonymous access)?


@luketc; This problem has been address in latest firmware

Please refer to Page 23 of Release Note for firmware:

Hope this helps. Thanks for using GDS3710!


Are you talking about the Anonymous LiveView? I saw that. I was curious as if there are any plans to allow additional users with restricted permissions so we don’t have to choose between the two extremes of super-user credentials or not credentials at all. Thanks.


That is already under consideration and will be addressed in future firmware. This feature will be added but need time as that involves lots of adjustment. Thanks.


Yes I imagine several changes need to be made in order to accommodate user-account-permissions. Thanks for following up.