These two signatures were matched against all HTTP services within the critical.io database. The two most common models could be detected with the following signatures: To determine the exposure level, I worked with someLuser to determine signatures for the web interface. For reference, the Ray Sharp firmware uses the "minupnp" open source implementation to perform this port mapping. This has the effect of exposing tens of thousands of vulnerable DVRs to the internet. Many home and small office routers enable UPnP by default. The Ray Sharp DVR platform supports the Universal Plug and Play (UPnP) protocol and automatically exposes the device to the internet if a UPnP-compatible router is responsible for network address translation (NAT) on the network. In this case, however, the situation is substantially worse. A vulnerable DVR that is protected by the corporate firewall is not much of a risk for most organizations. These types of flaws are common in embedded appliances, but the impact is limited by firewalls and other forms of network access control. In short - this provides remote, unauthorized access to security camera recording systems. someLuser's blog post includes a script for obtaining the clear-text passwords as well as a standalone exploit that yields a remote root shell on any vulnerable device. The vulnerabilities allow for unauthenticated access to the device configuration, which includes the clear-text usernames and passwords that, once obtained, can be used to execute arbitrary system commands root through a secondary flaw in the web interface. In addition to Ray Sharp, the exposures seem to affect rebranded DVR products by Swann, Lorex, URMET, KGuard, Defender, DEAPA/DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000.
Raysharp dvr ip tv#
These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras. On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform.