*************************************
Product: Everfocus EDSR series
Version affected: 1.4 and older
Website: http://www.everfocus.com/
*************************************
The EDSR firmware don't handle correctly users authentication and sessions.
This exploit let you to connect to every remote DVR (without username and password) and see the live cams :)
The exploit is available here.
I discovered this vulnerability on May 2008 and i informed the vendor, but apparently there is no solution at this time.
Ref: http://seclists.org/fulldisclosure/2009/Oct/211