COMMAX CVD-AH16 DVR - 5.1.4
A vulnerability exists in COMMAX CVD-Axx DVR models running version 5.1.4, as well as several models running versions 4.4.1 and 5.1.2. The issue stems from a weak default administrative credential that is easily guessed, which exposes the device to remote password-guessing attacks. Exploitation also leads to unauthorized access to the RTSP stream. An attacker can send a POST request with the 'passkey' parameter set to '1234' to access the web control panel, where live snapshots can be viewed and video streamed via the RTSP link.
Exploitation of this vulnerability allows for unauthorized access to the web control panel and RTSP stream, including live video and snapshots from the DVR.
To reproduce this vulnerability, send a POST request to the '/cgi-bin/websetup.cgi' endpoint with the 'passkey' parameter set to '1234'. On a device still using the default passkey this authenticates the request and grants access to the web control panel. From there, the RTSP stream can be accessed, and snapshots can be viewed by requesting specific image URLs.
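The following is an added detection example, not code from the advisory or the vendor: it scans web-server access logs for password-guessing bursts and successful logins against the '/cgi-bin/websetup.cgi' endpoint. The log format (Apache combined style), the HTTP status codes used for failed (401) and successful (200) logins, and the trusted-network prefix are assumptions, since the page does not document the DVR's logging or response behaviour.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in Apache "combined" style. The real DVR's log
# format and status codes are NOT documented on the page; both are assumptions.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:14:02:01 +0000] "POST /cgi-bin/websetup.cgi HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2024:14:02:02 +0000] "POST /cgi-bin/websetup.cgi HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2024:14:02:03 +0000] "POST /cgi-bin/websetup.cgi HTTP/1.1" 200 512
192.168.1.20 - - [10/Mar/2024:14:05:10 +0000] "POST /cgi-bin/websetup.cgi HTTP/1.1" 200 512
198.51.100.9 - - [10/Mar/2024:14:07:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOGIN_ENDPOINT = "/cgi-bin/websetup.cgi"  # authentication endpoint named in the advisory


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def find_suspicious_logins(log_text, trusted_nets=("192.168.",), window_s=60, max_failures=2):
    """Return (ip, reason) findings for POSTs to the DVR login endpoint."""
    failures = defaultdict(list)   # ip -> timestamps of recent failed logins
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["path"] != LOGIN_ENDPOINT:
            continue
        ip, ts = rec["ip"], rec["ts"]
        if rec["status"] == 401:
            # keep only failures inside the sliding window, then add this one
            failures[ip] = [t for t in failures[ip] if (ts - t).total_seconds() <= window_s]
            failures[ip].append(ts)
            if len(failures[ip]) >= max_failures:
                findings.append((ip, "repeated login failures"))
        elif rec["status"] == 200:
            if not ip.startswith(trusted_nets):
                findings.append((ip, "login success from untrusted address"))
            if failures[ip]:
                findings.append((ip, "login success after failures"))
    return findings
```

Running `find_suspicious_logins(SAMPLE_LOG)` flags only the 203.0.113.7 sequence; the trusted-network login is ignored.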