AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure.
AVer Information EH6108H+ hybrid DVR is an IP security camera management system and streaming video recorder. Version X9.03.24.00.07l and possibly earlier are reported to contain multiple vulnerabilities.
CWE-798: Use of Hard-coded Credentials - CVE-2016-6535
A remote, unauthenticated attacker may be able to gain access with root privileges to completely compromise vulnerable devices.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Thanks to Travis Lee for reporting these vulnerabilities.
This document was written by Joel Land.