Product: Everfocus EDR1600
Version affected: all
Website: http://www.everfocus.com/
Discovered By: Andrea Fabrizi
Email: [email protected]
Web: http://www.andreafabrizi.it
Vuln: remote DVR authentication bypass
The EDR1600 firmware don't handle correctly users authentication and sessions.
This exploit let you to connect to every remote DVR (without username
and password) and see the live cams :)
Exploit: http://www.andreafabrizi.it/files/EverFocus_edr1600_Exploit.tar.gz