Security researcher Bashis has disclosed a backdoor in TVT video surveillance products, with TVT issuing its own 'Notification of Critical Vulnerabilities'. Bashis has found numerous vulnerabilities in video surveillance products, most notably the 2017 Dahua backdoor, which later resulted in the industry's most widespread hacking attack.
In this note, we examine the TVT backdoor and TVT's response.
*******
****** ******** **** ***************:
**** *******:
********* ************** ** ******** ****** ****** configuration - ********* ***** *** ******** in ***** ****.
*** ******* ** ******** ****** *** user's ******** *** ********* **** ******* of *** ****** ** ********** **********.
** **** ** ********* ********:
***** **** ************* ******* **** ****** as '****** ******', ** ****** ****** out ********* ****** *** *** ****.
Fix *********
*** **** **** ***** ** * fix *********:
*** *** ******** *** ******** **** our *******, ** ** ** *** technical ******* ** *** ***** ******* technical ******* ** *** *** ***** firmware.
*** ******* ** *** ********* ** TVT **** *** **** ***.
Impact ** ****
*** ** ********* ** *** *** has****** ** ********** / ******** (*** this **** ** **). ** **** ****** ********* **** time, ** ** ********* ** ** certain ***** ****** ** ***** ****** are ********. ********, ** *** *** that ********* **** **** **** **** immediately ** **** ** *** **** future *** ****.
TVT - ~$** ******* *****
*** ** * ******** ****** ********* *** ******** ***** ********, ** 5% ** *****'* ****. *** *******'* 2017 ******* ** ~$** ******* *** it *** * ****** ************** ** ~$360 *******.
*** ***** ************ *********, *** ** mid-tier, ******* ** ******* ** ********* or ********* *** */**** ** ** the **** ** ***** *** */** or ** *** **** ** *********.
TVT's *******
*****'* ************, **** *** *** ************ ******* defense ** ********* *** ********:
******* ** ******** ****** ******* ****** all *************, ** ****** *** *** or *** *** ** *** ****** they ***, ***** ****** *** ** us ** ** ******** ** ******* our ******* *** *******.
** ******, **** ****** *** *** worse **** ******, **** ** ****-***** passwords *** *********** ********* ** ***** text.
**** **** ***** **** '*****' ***** vulnerabilities:
** ******** ***** * *************** **** a ***** **** **** ******** ******** ******.
*** ********* ****** *** ********* *** stupid ****** *** ** ******* **** if ***** *** ****-***** ********* ** TVT's *** ****, **** ***** *** need ** '****' **** ***** **** put **** ** *****. ********, *** only '*****' **** ***** ****** ******** it *** **** **** ** **** before *** ****** **********.
TVT units are trivial to find via Shodan, searching for "TVT RTSP" returns ~100K responses.
Retrieving "http://ip.add.re.ss:PORT/Css/Pictures/Login/LoginContent.png" gives you the branding image from the login page for at least some of the units.
Thanks. I was only able to do some brief digging around as the wifi on this flight is pretty crappy. Will do more investigation later.
...as the wifi on this flight is pretty crappy.
1. IP/port-scan for the in-flight router
2. Run general dictionary attack + aviation terms
3. Change bandwidth allocation for others
4. Have a nice flight.
Directions unclear.
Currently ziptied to my seat for attempting to hack the plane.
Seattle DVR
Is that a real thing? Wow, evidently it is and a horrendous website:
My impression has always been that they are kind of a commercial DIY oriented retail store, with some self branded NVRs. I have driven past their location for years, but never heard their name in the context of any project I have been involved in professionally.
Wow, evidently it is and a horrendous website:
Website seems on-par with their surveillance offerings.
Does this mean one can log in to any TVT system (not patched with latest firmware of course) as an administrator just by entering the hard-coded password in the login page of the web interface?
Copy and Paste Code Clone of what Hik/Dahua were using, or is this their own original mess?
Was this exploit on IP cameras, NVRs, or DVRs...or all of the above?
Think it’s quite a clear message, no?
Since you asked, whose ‘ignorance’ are they talking about?
All of the devices in the warehouse will be upgraded properly by us or by our local partners. Our online upgrading system will do its job, and we expect your attention in case of failure due to ignorance or other reasons.
"We recently found 3 vulnerabilities with a great help from 3rd party security expert. 2 of them are deeply inside the firmware, and can be used to control the devices, or even damage the info or devices if professional know-how is there. We seriously ask for a update of firmware in proper way to block the vulnerability, in order to avoid the possible risk in the future."
I guess they pay as much attention to grammar and punctuation as they did to their bug-ridden firmware.
A few contradictions, let alone trying to save their face!
Attention, it seems that Mirai clone (?) has started to exploit this vulnerability.
Source: Google dork
VirusTotal samples
VirusTotal (dropper)
VirusTotal (dropper)
VirusTotal (scanner/bot)