Sony Gen 5 IP Cameras Critical Vulnerabilities

By IPVM Team, Published on Jul 26, 2018

Cybersecurity vulnerabilities remain prevalent in video surveillance devices.

Now Talos researchers have discovered multiple vulnerabilities in Sony Gen 5 cameras. Inside this note we examine:

  • Ease or difficulty of exploit
  • Vulnerabilities explained
  • Impact compared to others
  • Manufacturer response

Key ********

***** *** *** *************** (***-****-**** *** ***-****-****) ** **** *** 5 ******* (~**** - 2015 *****), **** ****** a ******** *.* / 10.0.

****** ******** *******:

*** *************** ****** **** IPELA **** ******** *.**.** back ** ** ***** 1.79.00 *** ******** ***** version ** ****. *** vulnerabilities ** *** ****** current *** * *******.

**** *********** ******* ************* ******** *** ***************.

Exploit *********

*** ********* ****** ** high *** *** ******* to ******* ** ********. Because the *************** ***** ****** Linux ******** ** ** executed ******* ******* *** admin ********, ** ****** the ******* ** ** taken ****, **** ** part ** ***, *******, etc. *******, ******* *** has ** **** **** commands ** *******, ** is *** ** ****** as **** ***** (*.*., the**** ********** ************ ********).

*********, ******, *** **** is **** *** ********** cameras ****** ** ********. 

 

 

*******

** ************ ****** **** proof ** ******* ** a **** ***-***** **** firmware ******* *.**.** ** well ** * **** SNC-CH240 ******** ******* *.**.**, as ************ ** *** gif *****:

Response **** ****

**** ********* ** ****:

**** ******** ************** *** *********** regarding ******* ******** ** a ***** *****.

******** *********** ******* *** carried *** ***********, ***** are ******** ** ****** through *** ******** *** agencies.

**** ********* ** ********** ************ changes ******* ******** *******, respond ** *******, *** strive ** ****** **** its ********/********* *** ****** reliable 

*******, ** **** **** is ***** **** ** a ***** *****, ** does *** *** ******** of *** ***** * critical *************** **** *** found ** **********.

2016 **** ********

**** ** *** *** first ******** ************* ***** in ****'* ** *******. In ****, *****-***** ******** *** *********.

Bosch **** ****** ******? 

****, ** ****,***** *********** **** **** Sony ***** ************. *** ** *** things ***** ******** ** their ******** ** ********** and ************* *** **** they ***** ***** ***** strengths ** ****. ** the *** ****, ***** are ***** **** *******, on *** *****, ** remains ** ** **** what ******** *** ********** Bosch **** ***** ** Sony's ** *******.

Comments (38)

i heard the latest government ban will now include Axis, Bosch and Sony. Since virtually every manufacturer has had vulnerabilities, The Government now suggests that you should arm your properties via Home Alone style boobytraps. Much less prone to hacking and obviously more effective to deterring bad guys.

Since virtually every manufacturer has had vulnerabilities

Though none with the frequency and severity of Hikvision and Dahua.

AFAIK, Mobotix is the only brand that has never been hacked

Mobotix devices can't even be reset with a trip to the factory. It's a double-edged sword, security vs convenience, and I'd take securoty.

UD 1, that is a false statement.  These types of ongoing statements are similar to the Russian campaign that put us in the presendential mess we are currently in.  Why is it I expect to see the word Hikvision in every comment section (no mention in article). 

These guys/gals actually believe these things as fact, the more the random UDs post this type of comment, without the stones to identify themselves.

In addition, I get it that “critical vulnerabilities” sells papers, but understand that this only occurs when one exposes these devices to a public network.  Who does this?  This sensationalism jounalism, without devulging all the facts regarding risks, has many of my clients asking about risks constantly (there are non, closed private networks). 

So those of you with Sony Gen 5 cameras, assess your system design before becoming alarmed about system exploits.  

 

I get it that “critical vulnerabilities” sells papers

And if we did not report on this, then you and other Hikvision dealers would attack us for only reporting on Dahua and Hikvision's vulnerabilities.

Secondly, we linked to the full disclosure report in the free / publication, so we are hardly going to sell anything with this.

only occurs when one exposes these devices to a public network. Who does this?

Jeffrey, lots of people - either by design or by mistake. Mirai botnets and Dahua massive hack attacks would not happen if no one did this.

And even if you are on a 'closed private network', better to upgrade devices lest at some future point, network changes (by design or mistake) make them accessible.

 

UD 1, that is a false statement. 

Please elaborate. Which manufacturer has had more vulnerabilities and exploits than Hikvision (or Dahua)? Which manufacturer, or vulnerability, has had vulnerabilities with more severity than Hikvision's magic string, or Dahua's built-for-botnets flaws?

TVT, I suppose.

Maybe, but that doesn't support the (to me) implied position that "all" manufacturers have had vulnerabilities on part with Hikua.

Nominating TVT makes it seem more like all Chinese manufacturers have produced insecure devices that create an undue amount of risk for the end-user (also, we might as well lump XM in here too, for their part in Mirai at least).

I am not seeing evidence that Hikua's biggest competitors (Axis, Avigilon, Bosch, Hanwha, etc.) in the commercial segment have in any way suffered from the same kind and frequency of vulnerabilities as the Chinese products.

I'd say nobody is even close to the Big Three.

https://www.shodan.io/search?query=dahua

I think it is because while Western products were initially designed to be used in regulated environments and with the cyber security in mind, at least to some extent, the Chinese products are designed to barely do their job at the lowest possible cost.


Mr Hinkley, what mess you speak of. Our GDP is at record high as is my investment returns. Our business is at five months backlog......I am enjoying this mess.

 

 

I am a decendant of Governor Thomas Hinckley, Plymouth Colony, so I would hope you can get my name correct.

Sorry it took me so long to respond, I only visit IPVM 1-2 times a week.

I guess my point is that none of the manufacturers is immune to security vulnerabilities if you put their products with all ports open on a public IP.  Design on a simple basis is key for all products.  Do you need a valid Gateway?  Do you need to have a DNS address.  In my case (City/Commerical Enterprise Networks) the answer is no.  Flat enterprise vlans are the way to go.  On smaller systems (single site) dual NICS with one for the cameras (no Gateway) and one to customers data network eliminate any form of vulnerability.

I guess my other gripe is with the pessimism that exists with posts, including comments about the security flaws with Hikvision (and Dahua).  I see few articles and posts from IPVM where these names do not come up in some fashion.  I am not going to name any manufacturers (to show bias) but you have to realize that the others have similar amount if not more vulnerabilties.  Look it up, research it, and you will find that all IoT devices are equally exposed if you give them a public address or route them to networks with "bad guys/gals/kids".  You would think Sonicwall or Barracuda would release some cameras with their software providing protection (but not complete protection).  This would of course increase CPU/memory needs of the devices. 

In the Trump era (by the way, I am an independant neither supporting the USA left or right) we finally have a following that are truly the bad guys.  Polls show that only 20% of Republicans were against Trumps speech at Helsinki.  How is this possible?  Because these followers were groomed by Fox news and Breitbart.

I have been a IPVM member since the begining (when it was on Linkedin groups) so have been around for awhile.  It stinks that IPVM have scared away all of the manufacturers from making comments (I get it, I would tell my employees today "your fired if your post") as well as other top level integrators like myself (20 years experience, Electrical Engineer).   Now it seems all of the followers, even though many, are the "yeah,what he said"variety with limited technical insight to discussions. 

In this discussion, an article was written about a product (which by the way, had a vulnerabilty which the manufacturer corrected via firmware update) with the 2nd comment including (which by the way, was deleted by IPVM) a remark about Hikvision/Dahua vulnerabilities (by a undisclosed contributor).  Hows that for manipulating commentary and news feeds.  I no longer start threads in the discussion section because IPVM commonly changes my title and words.  

Members are missing out on true support and commentary by those in the trenches in this sector by manipulating our wording and subject matter.  I expect that this post will be soon edited, so those that read it, chime in to bring back the original and true mission of IP Video Marketplace.  

 

In this discussion, an article was written about a product (which by the way, had a vulnerabilty which the manufacturer corrected via firmware update) with the 2nd comment including (which by the way, was deleted by IPVM) a remark about Hikvision/Dahua vulnerabilities (by a undisclosed contributor).

No comment was deleted here. I get emails for every comment posted on every thread and I just cross-checked that to what is posted here and all comments remain, none were deleted.

Indeed, the 2nd comment about Hikvision/Dahua vulnerabilities is still right there, I'll screencap it for you to make it clear:

I'd appreciate if you acknowledge you made a mistake.

It stinks that IPVM have scared away all of the manufacturers from making comments 

What are you talking about?

As for:

I expect that this post will be soon edited

No, I am happy to leave it as is, errors and all.

I guess my point is that none of the manufacturers is immune to security vulnerabilities if you put their products with all ports open on a public IP. 

Where has someone claimed another manufacturer is immune? I saw a comment about Mobotix having no reported vulnerabilities so far (I have not spent any time determining if that is correct or not, just to be clear). However, I do not recall seeing claims of vulnerability immunity.

On smaller systems (single site) dual NICS with one for the cameras (no Gateway) and one to customers data network eliminate any form of vulnerability.

This is patently false. It may eliminate vulnerabilities from outside attack, but it will not eliminate "any form of vulnerability". Inside threats are real. And, if you have a Hikvision camera that comes setup by default to connect to a given Wifi SSID, then you have a potential gateway into that "secure" network, then into the recorder, then into the rest of the LAN that you thought was protected. Not saying it is common, or easy, but don't fool yourself into thinking you've built a scenario where you have eliminated "any form of vulnerability".

I am not going to name any manufacturers (to show bias) but you have to realize that the others have similar amount if not more vulnerabilties. 

If you're going to make claims like this, you are going to be called out to back them up. Nobody will take it as "bias" if you manage to show how some other manufacturer has been shown to be even less secure than Hikua. Making statements like that and then pretending to ride some high horse to prevent you from backing up your claim seriously diminishes your credibility.

with the 2nd comment including (which by the way, was deleted by IPVM) a remark about Hikvision/Dahua vulnerabilities

Well, that was because the FIRST comment was some utter rubbish commonly spewed by Hik apologists who have either not bothered to look past the surface, or simply don't understand cyber security vulnerabilities with any depth (you know, the kinds of folks who think you can "eliminate any form of vulnerability" with a segmented network).

(by a undisclosed contributor)

Validity of my comments is unaffected by disclosure of my name. Try disputing my claims and comments with specific facts and data inside of offhand comments about what name is, or is not, attributed to the comment. I am probably making it easier for you to sway opinion against my posts by NOT signing them.

I am a decendant of Governor Thomas Hinckley, Plymouth Colony, so I would hope you can get my name correct.

Separately, I'm not sure if you are really a funny guy, or if you and Jeff Zwirm would likely be best pals.

I am a decendant of Governor Thomas Hinckley, Plymouth Colony, so I would hope you can get my name correct.

Internet Rule #3A:  Any post calling someone out for spelling must NOT under any circumstances, itself contain a speling eror.

As a matter of fact, so far Mobotix had only two vulnerabilities discovered, in 2006 and 2016, both cross-site, basically, stealing login credentials, which makes them pretty much "immune" to any untargeted attack.



Mobotix doesn't using Linux as OS to my best knowledge, and also therefore not so easy to 'unpack' of the Firmware.

However, with your statement:

which makes them pretty much "immune" to any untargeted attack.

I get extremely tempted to privately purchase one or two units, only for the sake to see your statement are true or not... as far i know, none are 'immune', and I'm sure there are something juicy with Mobotix too.

 

Some information here, a bit more than the datasheet.

Mobotix Software Development Kits

Thx, useful stuff.

Thx, useful stuff.

Oh, sh*t.

Had an old Mobotix AG S15D, booted up DHCP here is what I got. Linux Kernal ID as 2.6 :D ...probably hit it up with wireshark and see what phones home.

Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-30 16:32 Pacific Daylight Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 16:32
Completed NSE at 16:32, 0.00s elapsed
Initiating NSE at 16:32
Completed NSE at 16:32, 0.00s elapsed
Initiating ARP Ping Scan at 16:32
Scanning 192.168.1.176 [1 port]
Completed ARP Ping Scan at 16:32, 0.66s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:32
Completed Parallel DNS resolution of 1 host. at 16:32, 0.00s elapsed
Initiating SYN Stealth Scan at 16:32
Scanning 192.168.1.176 [65535 ports]
Discovered open port 111/tcp on 192.168.1.176
Discovered open port 80/tcp on 192.168.1.176
Discovered open port 443/tcp on 192.168.1.176
Completed SYN Stealth Scan at 16:32, 4.09s elapsed (65535 total ports)
Initiating Service scan at 16:32
Scanning 3 services on 192.168.1.176
Completed Service scan at 16:32, 12.26s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.176
NSE: Script scanning 192.168.1.176.
Initiating NSE at 16:32
Completed NSE at 16:32, 6.44s elapsed
Initiating NSE at 16:32
Completed NSE at 16:32, 0.01s elapsed
Nmap scan report for 192.168.1.176
Host is up (0.000070s latency).
Not shown: 65532 closed ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Mobotix Camera http config
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_  Basic realm=MOBOTIX Camera User
|_http-favicon: Unknown favicon MD5: D9526978908979FA5018DB0BCC762AA0
| http-methods:
|_  Supported Methods: GET POST
| http-title:  Error 401: Unauthorized access
|_Requested resource was /control/userimage.html
111/tcp open  rpcbind  2 (RPC #100000)
| rpcinfo:
|   program version   port/proto  service
|   100000  2            111/tcp  rpcbind
|_  100000  2            111/udp  rpcbind
443/tcp open  ssl/http Mobotix Camera http config
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_  Basic realm=MOBOTIX Camera User
|_http-favicon: Unknown favicon MD5: D9526978908979FA5018DB0BCC762AA0
| http-methods:
|_  Supported Methods: GET POST
| http-title:  Error 401: Unauthorized access
|_Requested resource was /control/userimage.html
| ssl-cert: Subject: commonName=mx10-12-220-241/organizationName=MOBOTIX AG/stateOrProvinceName=Rheinland-Pfalz/countryName=DE
| Subject Alternative Name: DNS:mx10-12-220-241.local, DNS:mx10-12-220-241, DNS:10.12.220.241, IP Address:10.12.220.241
| Issuer: commonName=MX-ProduktionSubCA-1/organizationName=MOBOTIX AG/stateOrProvinceName=Rheinland-Pfalz/countryName=DE
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2013-05-24T18:54:53
| Not valid after:  2033-05-19T18:54:53
| MD5:   ffff 7417 2425 8e89 099e 8e3e 4ae8 764c
|_SHA-1: ca56 a650 668e ea0c 09d8 0d53 d748 1319 7ab9 5dc7
|_ssl-date: 2018-07-30T22:16:58+00:00; -1h15m56s from scanner time.
MAC Address: 00:03:C5:0C:DC:F1 (Mobotix AG)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.36 - 2.6.37
Uptime guess: 497.101 days (since Mon Mar 20 14:07:10 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Device: webcam
 
Host script results:
|_clock-skew: mean: -1h15m56s, deviation: 0s, median: -1h15m56s
 
TRACEROUTE
HOP RTT     ADDRESS
1   0.07 ms 192.168.1.176
 
NSE: Script Post-scanning.
Initiating NSE at 16:32
Completed NSE at 16:32, 0.00s elapsed
Initiating NSE at 16:32
Completed NSE at 16:32, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.13 seconds
           Raw packets sent: 65555 (2.885MB) | Rcvd: 65556 (2.623MB)
 

In my head this just read as:

 

Challenge Accepted!

I am ... Governor Thomas Hinckley, Plymouth Colony, so I would hope you can get my name correct.

Said the Governor to his wife Mrs. Hinkley.

Vulnerabilities detected on the product that are not in the production for ~ 5 years (does not make vulnerabilities less important). Patched firmware released few weeks ago and properly communicated to all customers. Everything is transparent and fixed. In the IP world, vulnerabilities could happen to any products connected to the network. Besides the fact that no damage has been done, so far, the most important topic is how issue would be identified, handled and sorted out by manufacturer. This is one of the things that makes manufacturers different.

Besides the fact that no damage has been done

Dear Sony employee, this is an incredibly naive and irresponsible response. Do you think hackers announce publicly when they use vulnerabilities? Of course not.

That these vulnerabilities existed for many years is a big problem, just like Sony backdoor found 2 years ago.

With these vulnerabilities, who knows how many more are out there, being used by hackers, and not reported by white hats?

Dear John,

I am NOT a Sony employee.

First Vulnerability detected with Sony cameras was treated in the same way. Identified, communicated and sorted out in the shortest possible time. Openly, announced in public, with company logo, even before it was announced on IPVM. 

Of course, hackers do not announce their R&D job in public, and that was NOT the topic of may comment. I just mentioned that it can happen to any IP based product, including security cameras.

Regarding possible damage,  my comment was on my behalf, and I  confirm that no damage, with Sony cameras, know to me. Maybe you can say "do not push your luck" , or maybe my knowledge is not so big as yours, or you can say "this is an incredibly naive and irresponsible response" but this is my personal conclusion based on facts known to me.

 

I am NOT a Sony employee.

Yes, all Sony employees now work for Bosch but your LinkedIn profile shows you sell Sony for Bosch. Disclose your affiliation or we will do it for you.

It is good to admit a mistake. You made another one with "all Sony employees now work for Bosch" but I believe it was just a generic conclusion you found from the newspaper. Anyway, this conversation went off topic, no need to continue, it is unhelpful, as you mentioned.  

Are you saying your LinkedIn profile is wrong and that you no longer work for Bosch nor Sony? If that is true, update your LinkedIn profile and I will issue a full apology.

Dear John ,

You addressed me as "Dear Sony employee....." .

My reply was "I am NOT a Sony employee". And this is 100% correct. At least I know for who I am working for, don't you think ?

 

You're not helping your cause. You are a Bosch employee selling Sony (poorly) attempting to minimize the significance of a vulnerability impacting your products.

You are journalist attempting to minimize (poorly) the significance of your mistakes. I really do not need to compete with you in counting number of comments on IPVM. For any constructive approach, I am open for discussion.

All the best!

You're employing the logical fallacy of "distinction without a difference". I hope it makes you feel better because I can guarantee you are embarrassing both Sony and Bosch.

My reply was "I am NOT a Sony employee". And this is 100% correct. At least I know for who I am working for...

Ok then, what’s the worst thing you can say about Sony surveillance products?

C’mon, really give them a good thrashing!

 

 

 

 I would like to coin a term as evidenced here and in other discussions.  The Internet has "Goodwin's Law".  I think here on IPVM we have "Honovich's Law".  As a discussion grows, it will always come back to or be compared to Hikvision and Dahua.

As an example, this discussion is about Sony and it immediately devolved into the typical haters vs fanboys of Hik/Dahua.  Drawing the conclusion that if it can happen to Sony, then Hik/Dahua aren't so bad etc.  Firewalls and segmented networks are also usually brought up as examples and evidence, as well as links to other discussions and misspellings and undisclosed postings fanning the flames.

Does this exploit work in both HTTP/S? Thanks!

HTTPS are preferred as it gives some privacy ;)

Yes, working with both HTTP/HTTPS.

Read this IPVM report for free.

This article is part of IPVM's 6,599 reports, 889 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Ubiquiti Access Control Tested on Oct 21, 2020
Ubiquiti has become one of the most widely used wireless and switch providers...
Multilaser / Giga Security Brazil Company Profile on Oct 05, 2020
As part of our expanded Latin America coverage, IPVM is profiling regional...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
FLIR Markets Windows Temperature Screening, Violates IEC And Causes Performance Problems on Jul 17, 2020
FLIR, one of the largest thermal screening manufacturers, is marketing...
Verkada 2020 Cameras Image Quality Test on Oct 06, 2020
Verkada's first-generation cameras suffered from numerous video quality...
Video Analytics Online Show 2020 - 35+ Manufacturer On-Demand Recordings on Sep 04, 2020
This show featured 35+ Video Analytics providers showcasing their latest...
Temperature Tablet Shootout - Dahua, Hikvision, ZKTeco, TVT + 5 More on Sep 30, 2020
Temperature tablets, aka terminal or stations, have emerged as a 'low-cost...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Sony 61MP Surveillance Sensor Examined on Sep 04, 2020
For a decade, the highest resolution single-imager surveillance cameras have...
Top Video Surveillance Service Call Problems 2020 on Oct 23, 2020
3 primary and 4 secondary issues stood out as causing the most problems when...
Infinova, March Networks and Swann H1 2020 Financials Examined on Sep 02, 2020
While Dahua and Hikvision, helped by fever camera sales, are recovering from...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...
Favorite Video Surveillance Hard Drive Manufacturer 2020 on Aug 27, 2020
Western Digital and Seagate effectively have a duopoly in hard drives but...
New Products Show Fall 2020 - 25+ Manufacturers On-Demand Recordings on Sep 30, 2020
This show featured 25+ Manufacturers showcasing their latest new products....
Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...

Recent Reports

Bedside Cough and Sneeze Detector (Sound Intelligence and CLB) on Oct 28, 2020
Coronavirus has increased interest in detecting symptoms such as fever and...
Fever Tablet Thermal Sensors Examined (Melexis) on Oct 28, 2020
Fever tablet suppliers heavily rely on the accuracy and specs of...
Verkada Fires 3 on Oct 28, 2020
Verkada has fired three employees over an incident where female colleagues...
Recruiters Online Show LIVE Thursday! on Oct 27, 2020
IPVM's 7th online show resumes Thursday with 12 recruiters presenting...
Eagle Eye Networks Raises $40 Million on Oct 27, 2020
Eagle Eye has raised $40 million aiming to "reinvent video...
Hikvision Q3 2020 Global Revenue Rises, US Revenue Falls on Oct 27, 2020
While Hikvision's global revenue rises driven by domestic recovery, its US...
VICE Investigates Verkada's Harassing "RawVerkadawgz" on Oct 26, 2020
This month, IPVM investigated Verkada's sexism, discrimination, and cultural...
Six Flags' FDA Violating Outdoor Dahua Fever Cameras on Oct 26, 2020
As Six Flags scrambled to reopen parks amid plummeting revenues caused by the...
ISC Brasil Digital Experience 2020 Report on Oct 23, 2020
ISC Brasil 2020 rebranded itself to ISC Digital Experience and, like its...
Top Video Surveillance Service Call Problems 2020 on Oct 23, 2020
3 primary and 4 secondary issues stood out as causing the most problems when...
GDPR Impact On Temperature / Fever Screening Explained on Oct 22, 2020
What impact does GDPR have on temperature screening? Do you risk a GDPR fine...
Security And Safety Things (S&ST) Tested on Oct 22, 2020
S&ST, a Bosch spinout, is spending tens of millions of dollars aiming to...
Nokia Fever Screening Claims To "Advance Fight Against COVID-19" on Oct 22, 2020
First IBM, then briefly Clorox, and now Nokia becomes the latest Fortune 500...
Deceptive Meridian Temperature Tablets Endanger Public Safety on Oct 21, 2020
IPVM's testing of and investigation into Meridian Kiosk's temperature...
Honeywell 30 Series and Vivotek NVRs Tested on Oct 21, 2020
The NDAA ban has driven many users to look for low-cost NVRs not made by...