Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.
The vulnerability is classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) and involves an NVR configuration file being accessible without authentication over the network. An attacker can send a specially crafted network request and download the file directly. The downloaded file contains authentication credentials (login and password) stored in plaintext, eliminating any additional protection barrier for the attacker.
An attacker gains full authentication credentials to the NVR recorder and connected cameras, enabling them to take full control of the video surveillance system, view video streams, modify settings, or conduct further attacks on the network infrastructure.
Security patches available from the vendor should be applied in accordance with the provided references. Until updates are deployed, it is recommended to isolate NVR devices from public internet access (e.g., behind a firewall or VPN) and immediately change passwords for all associated devices.
Selected network recorder (NVR) models manufactured by Digiever — specific model identification is available in the vendor references (TWCERT).
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X