Everfocus EDR1600 remote authentication bypass

2009-10-22T00:00:00
ID SECURITYVULNS:DOC:22673
Type securityvulns
Reporter Securityvulns
Modified 2009-10-22T00:00:00

Description


Product: Everfocus EDR1600 Version affected: all Website: http://www.everfocus.com/ Discovered By: Andrea Fabrizi Email: andrea.fabrizi@gmail.com Web: http://www.andreafabrizi.it Vuln: remote DVR authentication bypass


The EDR1600 firmware don't handle correctly users authentication and sessions.

This exploit let you to connect to every remote DVR (without username and password) and see the live cams :)

Exploit: http://www.andreafabrizi.it/files/EverFocus_edr1600_Exploit.tar.gz