Everfocus EDR1600 remote authentication bypass Oct 22 2009 09:50AM
Andrea Fabrizi (andrea fabrizi gmail com)
Product: Everfocus EDR1600
Version affected: all
Website: http://www.everfocus.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com [email concealed]
Web: http://www.andreafabrizi.it
Vuln: remote DVR authentication bypass

The EDR1600 firmware don't handle correctly users authentication and sessions.

This exploit let you to connect to every remote DVR (without username
and password) and see the live cams :)

Exploit: http://www.andreafabrizi.it/files/EverFocus_edr1600_Exploit.tar.gz

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus