Government Security
Network Security Resources

Jump to content

Photo

Everfocus Edr1600 Remote Authentication Bypass

security exploit
  • Please log in to reply
No replies to this topic

#1 qcred11

qcred11

    First Sergeant

  • Members
  • 2,544 posts

Posted 09 November 2009 - 11:48 PM


************************************************************** 

Product: [b]Everfocus EDR1600[/b] 

Version affected: all 

Website: http://www.everfocus.com/ 

Discovered By: Andrea Fabrizi 

Email: andrea.fabrizi@gmail.com 

Web: http://www.andreafabrizi.it 

Vuln: remote DVR authentication bypass 

************************************************************** 



The EDR1600 firmware don't handle correctly users authentication and sessions. 



This exploit let you to connect to every remote DVR (without username 

and password) and see the live cams <img src='http://www.governmentsecurity.org/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> 



Exploit: http://www.andreafabrizi.it/files/EverFocus_edr1600_Exploit.tar.gz









Also tagged with one or more of these keywords: security, exploit