Digital video recorders open to probe of networks, contents ... just about anything, really
18 Feb 2016 at 08:01, Darren Pauli Researchers say up to 80,000 digital video recorders (DVRs) used to record footage from surveillance cameras employ hardcoded passwords - or don't use one at all - opening avenues for attackers to breach home and business networks and compromise privacy.
In one examination, at least 46,000 DVRs were found open to remote hijacking through a hardcoded firmware username and password.
The Zhuhai RaySharp DVRs are used by homes and businesses for remote video streaming, with some 60,000 claimed to be exported by the Chinese manufacturer every month.
The vendor has not patched the firmware vulnerability (CVE:2015-8286) leaving all units exposed. Seven other brands using the firmware are also thought vulnerable including Swann, KGuard Security, Defender, and Cop-USA.
Full Article