CHT Security Discovered Vulnerabilities in Firmware of Well-Known DVR
CHT Security Digital Forensics and Information Security Testing Center discovered two vulnerabilities in a well-known DVR. The first one is arbitrary read/write vulnerability (CVE-2020-10513) and the second is command injection (CVE-2020-10514). More than 10 millions of devices are infected in Taiwan.
- CVE-2020-10513: Attacker can read or modify any file in filesystem of the device. With changing the configuration file of system, attacker can cause Denial of Service or command injection.
- CVE-2020-10514: Attacker can modify the parameter of RPC function and inject malicious command. It allows attacker to execute commands on the devices when the attacker has owned the password.
We also discovered that the device does not force user to change password and that a lot of devices might use a fixed default password from vendor or dealer.
Attacker can control the infected device and perform DDoS attack.
- Firmware version before 2020/02
The vendor has released related patches after receiving our report. It is recommended to contact the vendor for patching and updating as soon as possible.
- User: Update firmware to the newest version as soon as possible.
- Vendor: Check all input from the user side. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.