Irresponsible Chinese DVR Vendor Still the Target of IoT Botnets One Year Later

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solarquest

Moderator
Staff member
AV-Tester
Jul 22, 2014
1,925
#1
A Chinese company that manufactures white-labeled DVRs still hasn't patched a security flaw that's been targeted by IoT botnets for over a year.

This particular vulnerability is a severe RCE (Remote Code Execution) bug that allows an attacker to take over a DVR via a simple request.

Security flaw discovered in March 2016 remained unfixed
The flaw came to light last year, after a report from security researcher Rotem Kerner. His investigation discovered that this flaw was present in the firmware of DVRs manufactured by Chinese company TVT.

Unfortunately, this wasn't any DVR manufacturer, but a seller of white-label products, meaning other vendors purchased the DVRs from TVT, slapped their logo on top, and sold them to their own customers as separate products. In total, Kerner tracked the sloppy-coded DVR firmware to 70 other DVR vendors.

Despite numerous contact attempts, Kerner was unable to get in contact with the company, meaning the vulnerability remained unpatched.

TVT flaw became a favorite target for IoT botnet herders
...
 
Last edited by a moderator:
Likes: DardiM
Mar 22, 2017
586
Operating System
Windows 10
Installed Antivirus
Avira
#2
Security updates come at a price. Chinese brands (not all) are known to have a poor software/customer support. Can't really say i'm surprised by this...
 
Likes: DardiM