Digiever NVR Exposure of Sensitive Information Vulnerability

A vulnerability allowing unauthenticated remote attackers to access the system configuration file of certain Digiever NVR models. This access enables the retrieval of plaintext credentials for the NVR and its connected cameras. The vulnerability affects several NVR series models, including the DS-1200, DS-2100 Pro, DS-2100 Pro+, DS-2100 UHD, DS-2200 UHD, DS-2200 UHD+, DS-4200 Pro, DS-4200 Pro+, DS-4200 UHD, DS-4200 UHD+, DS-4100-RM, DS-4200-RM Pro+, DS-4200-RM UHD, DS-8x00-RM Pro+, DS-8x00-SRM Pro+, DS-8x00-RM UHD, DS-16x00-RM Pro+, and DS-16x00-RM UHD. The vulnerable firmware version is through x.x.x.78.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive information, specifically plaintext credentials for the NVR and its connected cameras.

Remediation

Users are advised to update the firmware to version x.x.x.79 or later.