GeoVision Digital Video Surveillance System Directory Traversal Vulnerability

“Cheap DVRs produce poor quality video, period. There is no free lunch when it comes to surveillance systems. We replace cheap DVRs all the time,” says Eric Lawton, President and founder of Lawton Media Services LLC.
Digital Video Recorders (DVRs) come in two main types: embedded DVRs and PC-based systems.
Dejan Levaja has reported a vulnerability in GeoVision Digital Video Surveillance System, which can be exploited by malicious people to disclose sensitive information.
The vulnerability is caused by an input validation error in the included HTTP server when processing GET requests. This can be exploited to read arbitrary files from an affected system via directory traversal attacks.
The vulnerability is reported in version 8.2. Prior versions may also be affected.
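The class of flaw described above, as an added Python example that is not GeoVision's code or part of the original advisory: a GET path joined onto the web root without validation, beside a hardened resolver that decodes once, canonicalises, and refuses anything outside the root. The function names, the constructed temporary directory and the sample request targets are all assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def naive_resolve(web_root, request_target):
    """Unvalidated mapping (assumed, for contrast): decoded path joined onto the root."""
    path = unquote(urlsplit(request_target).path)
    return os.path.join(web_root, path.lstrip("/"))


def safe_resolve(web_root, request_target):
    """Return the file path to serve, or None when the request must be refused."""
    path = unquote(urlsplit(request_target).path)  # decode exactly once
    # Refuse NUL bytes and backslashes: on a Windows host "\" is also a separator.
    if "\x00" in path or "\\" in path:
        return None
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # Canonicalise first, then require the result to stay under the web root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Build a constructed web root with a file outside it and resolve sample GETs."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "webroot")
    os.mkdir(root)
    for name in (os.path.join(root, "index.html"), os.path.join(base, "secret.txt")):
        with open(name, "w") as fh:
            fh.write("constructed sample\n")
    targets = ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt", "/..\\secret.txt"]
    results = {}
    for target in targets:
        naive = os.path.realpath(naive_resolve(root, target))
        escaped = not naive.startswith(root + os.sep)
        results[target] = (escaped, safe_resolve(root, target))
    return root, results


if __name__ == "__main__":
    root, results = demo()
    for target, (escaped, served) in results.items():
        print(f"{target!r}: naive escapes root={escaped}, hardened serves={served}")
```

The containment check runs on the canonical path, so percent-encoded dot segments are caught after decoding rather than by string matching on the raw request.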
Embedded Hardware All-In One DVRs do not use a Windows operating system and contain no software at all on the hard disk(s). All application functions are contained (embedded) in firmware (software encoded on chips). These DVRs look like the VCRs of yesterday, except they do not have the little door in the front for the VCR tape. Instead they have a CD tray for recording stored video.
These DVRs are also becoming popular in homes for recording TV shows. Most alarm companies and small dealers utilize this type of DVR since it is inexpensive and easy to install - mostly plug & play. The downside is that its features are limited (hard to review recorded images), its storage is fixed, and its picture quality is average (TV resolution).
When comparing embedded DVRs to PC based systems, always look at the viewing and recording specs. Real time viewing and recording of a single camera means that it will view and record what that camera sees at 30 frames per second (fps). Two cameras - 60 fps; three cameras - 90 fps; etc. all the way up to 16 cameras at 480 fps. The vast majority of embedded DVRs do not record at real time, and few view at real time. Why is that important? Do you want to miss something while looking at a jerky image?
Newer embedded DVRs are coming on the market that rival the quality of PC-based systems, but they cost as much or more right now.
PC based Digital Video Recorders are complete hardware/software computer-based systems incorporating video capture, video multiplexing, point-and-click video recording and playback, crystal-clear video display and remote video access via Internet and/or LAN. PC based DVRs are not simply a collection of computer hardware, however - they represent carefully selected hardware and software components which are proven to work well together in the demanding video processing environment. Software, hardware and firmware settings are carefully optimized to ensure maximum performance without problems. PC based DVRs can support multiple numbers of CCTV security cameras - from 4 to 32.
Microsoft Windows XP or Vista is provided as the operating system on our PC based DVRs. In addition, system restore software is also included on all systems. All software provided includes original CDs and manuals.
So, if picture quality and system flexibility are important to your application, we recommend PC based systems.
