Not of late, LILIN recorders were found to be vulnerable. Reportedly, botnet operators were behind the zero-day vulnerabilities that were exploited in the Digital Video Recorders (DVRs ) that the vendor is well known for.
Sources mention that the exploitation of the zero-day vulnerabilities had been a continuous thing for almost half a year and the vendor was unaware. Nevertheless, they rolled out a patch in February 2020.
Digital Video Recorders are electronic devices that collect video feeds from local CCTV/IP cameras systems and store them on different mass storage devices like SD cards, USB flash drives, disk drives, etc.
DVRs are a huge deal today given they are a major element for the security cameras that are used almost everywhere in these times.
With CCTV cameras raging, attacks especially designed for them have also risen equally. Malware botnets and other hacker operations have been targeting these widely used DVRs for quite some time now.
Per sources, the non-revised and out of date firmware stands to be the reason for these devices being hacked. Especially, the DVRs with default credentials are exploited to kick off DDoS and other IoT attacks.Sources mention that security researchers found LILIN’s DVRs too were being exploited for almost half a year, since August last year by three botnets.
The vulnerability in the “NTPUpdate”, sources mention, allows attackers to inject and control the system’s commands. Via one of the ‘hardcoded credentials’ (root/icatch99 & report/8Jg0SR8K50) the attacker stands a chance to retrieve and alter a DVR’ ..
Support the originator by clicking the read the rest link below.
