SIDE-EFFECT of firmware patch: It appears the patch affects the user cred file (you know what it is) in a malformed way, if you look at your user account page you will see a new user "null" added. While we tried deleting it, that was unsuccessful. Also another user management app which I am told uses Dahua's protocols was unsuccessful.
I don't think (am unsure, actually) this is a risk but it is uncomfortable. Since telnet is disabled (and can't be reenabled with the http API url) we can't directly edit the account file. Serial access might work but its too much of a hassle and requires physical access to the camera....my curiosity might get the better of me on this.
ANYONE know how to "delete" this "user"? Is this any risk to leaving as-is?
This is confirmed on "S" series PTZ.
NOTICE: This comment was moved from an existing discussion: Dahua Backdoor Uncovered