Everfocus EDR1600 vulnerability

Cross Site Scripting and HTML Injection

Posted by Andrea Fabrizi on October 22, 2009

The EDR1600 firmware does not correctly handle user authentication and sessions.

This exploit lets you connect to every remote DVR, bypassing the authentication, and watch the live cams.

The PoC is available here

BID: http://www.securityfocus.com/bid/42274