- #Raysharp dvr send password in clear text update
- #Raysharp dvr send password in clear text full
- #Raysharp dvr send password in clear text password
Researchers say that over 55 vendors have agreements with RaySharp to sell devices under their brands.
#Raysharp dvr send password in clear text password
If a hard-coded root password wasn't bad enough, according to RBS researchers, RaySharp has also been selling its devices under other brands, with the same firmware. On its website, RaySharp claims that it ships over 60, units per month.
#Raysharp dvr send password in clear text full
Once he authenticates on the device, he has full control over its settings, and all of the CCTV video streams. Any device left unprotected online can be accessed this way, if the attacker knows its IP or he can access a company LAN. Security firm Risk Based Security RBS discovered the issue last fall and contacted the manufacturer, who failed to address the issue until now. Sort by: Status Alphabetical.DVR equipment manufactured by Chinese firm RaySharp come with a hard-coded root password that allows attackers to remotely access the device if left unprotected on the Internet. Overview Digital Video Recorders DVRssecurity cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password.įilter by content: Vendor has issued information. Home Notes Current: VU Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials. If you have feedback, comments, or additional information about this vulnerability, please send us email. However, the credentials are still hard-coded. While some Swann models use Raysharp code, Swann has stated that they do not use the same default hard-coded credentials provided by Raysharp. Swann's Tech Center can help guide users through this process if necessary. If the user requires remote access to their unit then we recommend that the user changes the numbers of the internal network "Ports" to use non-standard values that are not easily discovered and make random access very difficult. Until such time as Swann are able to secure updated firmware for these models we recommend that the units are disconnected from the user's network to prevent malicious access. Restrict network access Use a firewall or similar technology to restrict access to trusted hosts, networks, and services. If your vendor does not have an updated firmware available at this time, you may consider the following mitigations. Please contact your device manufacturer for more information.
#Raysharp dvr send password in clear text update
Apply an update if possible Some vendors have released updated firmware to address this issue. An unauthenticated remote attacker may gain root access to the device. The Vendor List below provides more information on each manufacturer that was reported to be vulnerable. Personal details i, the undersigned, in service at Remote attackers with knowledge of the password may gain root access to the device.įurthermore, it was previously reported publicly that many of these devices enable remote access via telnet or port by default. Digital Video Recorders DVRssecurity cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password.
0 kommentar(er)
