10 November 2018
Dahua DVR Authentication Bypass - CVE-2013-6117
Let me look at your pictures more closely. I am in the same boat with the same cameras. Anyway, I hope you can find out some more, it would really help me out a lot!
Did you gain access to the printed circuit boards inside, or were you merely looking from the outside? Dahua initially stated they would work on fixing the issues but went radio silent afterwards. Even more - you can use it remotely.
You say I do not want to think, you can not be more wrong.
What is your opinion about possibility of local Dahua and remote Hikvision admin login without knowing the exact generator of user with admin privileges? There is a possibility to generate a password knowing only the present date and just log in. The basic reason for leaving such a possibility was helping users who forgot their password. More or less 2 years ago Dahua had another way to do so, more hardware-like: turn off the power, take out the battery, connect the contact and so on. Today you just need to calculate something like this: 8888 x day x month x year last two digits and last 6 digits of this number as a password of 888888 user dahua has admin privileges. I have just checked it - it works fine. I do not use Hikvision very often so cannot check now, but as far as I know - Dahua works exactly the same. Even more - you can use it remotely. Is it a good way? What mechanisms should be available to generator user when he forgets the password?
The general Hikvision password recovery process for administrative accounts is as follows: 1. The customer contacts Hikvision and provides basic information such as the customer's name, e-mail address, company name, contact number, contact address, device serial dvr and current system time of device, etc. After Hikvision receives and authenticates the customer's information, it will provide a secure code that is valid for two days. This password recovery process can only be run within the Local Area Network.
However, it appears dvr many existing recorders can be accessed. I just sent them one more email to try to get any more information. However, it appears that passwords existing recorders can be accessed. I guess that it could be 98% at the moment. I heard another great info. Someone altered the old trojan which was able to attack Synology's file servers. Hikvision had the same problem, but as far as I know they already released new firmware which solves this issue.
I really think that those two vendors should provide some more info about it to this community.
Marian, I think that having an easy-to-figure-out master password that can be easily calculated is a big problem. I believe that you should need 1) physical access, such as a reset button, and 2) that it should wipe all settings. This way, a casual person scanning the network can't get in, and two, that the person using the device will hopefully notice that all passwords have been wiped. Having a back door is just as bad as having a vulnerability. I have seen cameras that are off by a day or weeks or years. If the generator uses the serial number, then usually you again need physical access to the device. Once a password formula is known and out in the wild, you are at risk. So is this a security risk?
Maybe it's a worm or trojan??? Then the Linux passwd command would allow you to reset things. We did not develop this product; if you have an issue with this product, contact the developer. It won't work remotely or even over its own network. And once powered up, press and hold down the reset switch for 10 seconds.