Zhuhai Raysharp Technology: CCTV DVR Password Retrieval

By DonaldMoon

Ray Sharp DVR platform security flaws were highlighted by someLuser, a researcher who goes under the name someLuser. These DVRs can be used for security cameras and closed-circuit TV (CCTV). The exposures also seem to have affected rebranded DVR products from Swann, Lorex and URMET. These vulnerabilities allow unauthenticated access to the device configuration Zhuhai Raysharp Technology. This includes clear-text usernZhuhai Raysharp Technology CCTV DVR Password Retrievalames, passwords, and can be used to execute arbitrary root system commands through a secondary flaw within the web interface. SomeLuser’s blog post contains a script that can be used to obtain clear-text passwords, as well as an exploit that allows remote root access on any device.

This is Zhuhai Raysharp Technology

These flaws are quite common in embedded appliances. However, firewalls and other forms network access control limit their impact. Most organizations don’t have to worry about a DVR that is vulnerable if it is protected by a corporate firewall. However, this situation is much more dire. Zhuhai Raysharp Technology DVR Platform supports Universal Plug and Play (UPnP). If a UPnP compatible router is responsible for network address transformation (NAT), the device will automatically be exposed to the internet. Many routers in small offices and homes enable UPnP automatically. This exposes vulnerable DVRs to the Internet in large numbers. This port mapping is performed by Ray Sharp’s firmware, which uses the “miniupnp”, open-source implementation.

These signatures were matched against cw technolo every HTTP service in the critical.io database. This identified over 58,000 IPs running vulnerable DVR platforms. The list included more than 150 countries. The largest (19,000), followed by India (6,000) and Italy (5,700).

It is interesting that the popular firmware-mod-kit package for router tweaks also works well in unpacking Swann’s firmware. This allows you to easily obtain the raysharp_dvr ELF picture without rooting your device. This binary implements nearly all the functionality of the device, including the web server and the CD-ROM writer based upon cdrecord. This is not only bad architecture but it may also have licensing implications. An analysis of the binary reveals another feature: these systems can register their IP automatically with a dynamic DNS service to make them more hackable and accessible. Based on the raysharp_dvr binary.