Argentinian security researcher found how to access a bunch of DVRs

According to BleepingComputer, a researcher from Argentina discovered a flaw (CVE-2018-9995) that allowed him to log in tens of thousands of DVR cameras and watch live broadcasts. It was learned that the researcher first discovered this flaw in the camera of the Spanish camera maker TBK Vision. He later discovered that several other famous brands in the world were also in the influence. The effect devices including CeNova, Night Owl, Nova, Pulnix, Q-See, Securus. This vulnerability allows hackers to receive plain text camera usernames and passwords.

In this regard, TBK Vision, Oulnix, Q-See, Securus did not immediately comment on this matter. CeNova, Night Owl, and Novo are temporarily unable to contact. Ezequiel Fernandez, a researcher who discovered the vulnerability, declined to respond to Bleeping Computer’s questions, but other experts who read the results of the study said that the attack code can indeed successfully break the Fernandez listed these brands of cameras.

When the network monitoring system uses the default password, it is particularly vulnerable to hackers. Hackers will use Google, Shodan, and other search engines to find information about the target camera and try to log in. If the username and password of the device are both admin, the hacker can easily access the device. And when hackers find quick access to a large number of cameras, the situation becomes even worse.