
Research Results

Vulnerability in leakage of DVR setting file

Created March 10, 2016


A vulnerability was reported [1] that makes it possible to acquire the setting file, DVR.cfg, of DVRs (Digital Video Recorders) from multiple makers over the Internet without any authentication.


We therefore updated IoTPOT so that attackers can download our DVR.cfg file without any authentication. During a 23-day monitoring period, 22 hosts downloaded our DVR.cfg file 906 times from IoTPOT. We also confirmed that authentication information written in our “DVR.cfg” file, such as the ID and password, was used by attackers to log in to our honeypot.
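The correlation described above, as an added example that is not IoTPOT's own code: it counts decoy-file downloads per host and flags any login that uses a credential planted only in the decoy DVR.cfg. The event format, the credential and the IP addresses are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed decoy credential, assumed to exist only inside the honeypot's DVR.cfg.
DECOY_CREDS = {("dvr_admin", "Zx9-decoy-41")}

# Constructed honeypot events: (ISO time, source IP, kind, detail).
EVENTS = [
    ("2016-02-01T10:00:00", "192.0.2.10", "download", "DVR.cfg"),
    ("2016-02-01T10:00:05", "192.0.2.10", "download", "DVR.cfg"),
    ("2016-02-01T10:02:00", "192.0.2.10", "login", ("dvr_admin", "Zx9-decoy-41")),
    ("2016-02-02T08:00:00", "198.51.100.7", "download", "DVR.cfg"),
    ("2016-02-02T09:00:00", "198.51.100.7", "login", ("root", "12345")),
    # Decoy credential used from a host that never downloaded the file itself.
    ("2016-02-03T12:00:00", "203.0.113.5", "login", ("dvr_admin", "Zx9-decoy-41")),
]

def summarize(events, decoy_creds, decoy_file="DVR.cfg"):
    """Count decoy-file downloads per host and flag logins with planted credentials."""
    downloads = Counter()
    first_download = {}
    hits = []
    for ts, ip, kind, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "download" and detail == decoy_file:
            downloads[ip] += 1
            first_download.setdefault(ip, when)
        elif kind == "login" and tuple(detail) in decoy_creds:
            # The credential is only obtainable from the decoy file, so any use
            # proves the file leaked, even if this IP never fetched it.
            seen = first_download.get(ip)
            hits.append({
                "ip": ip,
                "time": when,
                "same_host_downloaded": seen is not None,
                "seconds_after_download":
                    (when - seen).total_seconds() if seen else None,
            })
    return {"hosts": len(downloads), "downloads": sum(downloads.values()),
            "per_host": dict(downloads), "decoy_logins": hits}

if __name__ == "__main__":
    report = summarize(EVENTS, DECOY_CREDS)
    print(report["hosts"], "hosts,", report["downloads"], "downloads")
    for hit in report["decoy_logins"]:
        print(hit)
```
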


In addition to authentication information, a DVR.cfg file may contain the ID and password of a PPPoE account and other sensitive information about FTP, Mail and DSN servers. We therefore expect that this vulnerability may lead to serious damage in the future.



[1] Rapid7, Multiple DVR Manufacturers Configuration Disclosure
https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure
