One of the more popular low-end DVRs is Q-See. They are available all over the place on-line from $200.
I friend of mine has found a way into some Q-See models using Telnet (root/123456) go get to the DVR (on a port other than 80). The files that were transfered were encoded using Q-See's proprietary h.264 codec. He couldn't get them to play on anything - but he had them secured none-the-less.
(If you are reading this and you have a networked Q-See DVR on your network, you should think about changing that password)
3 comments:
Came across this also. I found the telnet service open, but could not find the default PW until I came here. Sounds like a big old FAIL to mass produce a DVR with a common root password that is unchanged during setup.
Just stumbled upon this site, decided to check my DVR, and sure enough the root password was set as blank!
Thanks for pointing this out - I logged in via telnet with PuTTY, ran the "passwd" command, and changed it to a secure password.
Thank you again!
This problem was found during a security audit. I have the same problem, no password set for the root on our QT526. Unfortunately I know nothing about programming on Linux, can someone tell me how to change (add) a password?
Post a Comment