Technical Discussion
  >> Home Networking, Internet Connection Sharing, etc.


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | [2] | (show all)   Print Thread
Standard User IanBB
(committed) Sun 27-Jan-19 23:57:56
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
I can ping my Now TV Smart Stick...
Standard User dwg1
(regular) Mon 28-Jan-19 13:09:16
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
I think I see your point smile
Standard User teshy
(newbie) Mon 28-Jan-19 16:40:49
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
I have a CCTV DVR installed by a local security company and I have been meaning to try this in order to secure the DVR. I think the company had access to it via the cloud app. Your question prompted me to try to get into its admin console, and here is what I have been able to do so far.

I couldn't telnet to it, however, using a web browser (I had to use Internet Explorer because Chrome and Firefox did not allow required plugins to load, although I am sure there must be a way to use these) I could get to its web admin console.

Search for your model number and default admin user name and password (unless of course you already know the credentials). I got into mine in less than a minute and changed its admin password and set a static IP address. There are a number of settings in the web admin console, although I could not find any to enable Telnet or SSH. At least now I know the installing company cannot get into the system - the cloud app on my phone stopped working and I had to enter the new password into the app).

I connected a USB mouse and keyboard, along with an old VGA monitor to the DVR and was able to access its console although, as yet, I have not been able to do much with it apart from view the various camera feeds.

I'll explore it further later.

Out of curiosity, what are you trying to achieve by using telnet to access the DVR?

Edited by teshy (Mon 28-Jan-19 16:43:30)


Register (or login) on our website and you will not see this ad.

Standard User dwg1
(regular) Tue 29-Jan-19 02:46:55
Print Post

Re: Telnet help please


[re: teshy] [link to this post]
 
The problem with the GUI, is it's limited to its CCTV/DVR configurations. As the box is connected to the LAN 24/7, (not internet) it seemed to make sense at looking into the possibility of being able to use it for forwarding the router logs to... So far no joy though, but thank you for sharing smile
Standard User caffn8me
(eat-sleep-adslguide) Tue 29-Jan-19 09:45:44
Print Post

Re: Telnet help please


[re: teshy] [link to this post]
 
In reply to a post by teshy:
At least now I know the installing company cannot get into the system
Except they can. It's not just the installers who can still get in, it's anyone and it's trivial. You have missed a key point in both my post and the article I linked to. I knew about the hardcoded default password from firsthand experience but it is confirmed in the SEC Consult article;

even if the device has been secured by changing the admin password, it can be accessed via the XMEye cloud via the “default” user.

In a related post; SEC Consult say;

SEC Consult advises not to use the products of Xiongmai and any 3rd party OEM device associated with the XMeye cloud feature.

Workaround

There are no workarounds available as the devices are connected via the cloud, the usual recommendations changing default passwords, strict firewalling and network segmentation unfortunately do not mitigate the whole range of discovered issues.


Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Administrator MrSaffron
(staff) Tue 29-Jan-19 11:15:09
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
If wanting to go down the DIY route for this you probably want a LINUX box that you can control, and perhaps a Raspberry PI meets that at a low cost

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User teshy
(newbie) Tue 29-Jan-19 11:54:26
Print Post

Re: Telnet help please


[re: caffn8me] [link to this post]
 
Except they can. It's not just the installers who can still get in, it's anyone and it's trivial. You have missed a key point in both my post and the article I linked to. I knew about the hardcoded default password from firsthand experience but it is confirmed in the SEC Consult article;


Thanks for the information about it being trivial to get into the DVR. I hadn't actually read your post, I was replying to dwg1's original post.

I don't think I am using any of the products mentioned in the link you posted, however, at least now I know of the vulnerability in these devices.
Pages in this thread: 1 | [2] | (show all)   Print Thread

Jump to