![raysharp dvr exploit raysharp dvr exploit](https://damow.net/assets/images/2015/09/4ch-cctv-camera-dvr-vu-431-h-264-usb-network-iphone-android-712-p.jpeg)
![raysharp dvr exploit raysharp dvr exploit](https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2016/02/OceanLotus-infections.jpg)
Although it's hard to beat the value of these cheap devices, it's just a matter of time before more and more of these severe remote vulnerabilities are found as they become more prevalent. I've always wondered how many inadvertent (vulnerabilities) and purposeful (backdoors) security issues there are in these ubiquitous, cheap, poorly-developed DVRs. I wouldn't be surprised if they never do. There's already a Metasploit aux/scanner module to discover vulnerable systems and dump the admin password.Īs far as I know neither Ray Sharp nor the rebranders have responded to this. your laptop, iPhone, PC, and whatever else. Possible attacks include accessing clear-text admin passwords, creepy unauthorized access with said account, as well as using the DVR as a pivot point for attacking other internal network resources, e.g. Changing this port might add a bit of security through obscurity but you'd still be totally vulnerable. My apologizes if this is a re-post but has everyone heard about the vulnerabilities in Ray Sharp DVRs as well as rebranded DVR products by Swann, Lorex, URMET, KGuard, Defender, DEAPA/DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000?īasically, if you use one of these devices, you probably ought not port-forward TCP 9000 from the internet unless you are restricting access by source.