[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Everfocus EDR1600 remote authentication bypass

Product: Everfocus EDR1600
Version affected: all
Website: http://www.everfocus.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@xxxxxxxxx
Web: http://www.andreafabrizi.it
Vuln: remote DVR authentication bypass

The EDR1600 firmware don't handle correctly users authentication and sessions.

This exploit let you to connect to every remote DVR (without username
and password) and see the live cams :)

Exploit: http://www.andreafabrizi.it/files/EverFocus_edr1600_Exploit.tar.gz