So here I am poking at ILDVR INC-MH40D06 only to discover more and more security issues.
Security issue #1
WebUI hardcoded username and password (HANKVISION/HANKVISION).
Security issue #2
Apparently beyond “standard” webs binary running as webserver there is a separate instance of httpd running on the camera.
It runs on port 10081 and uses /mnt/flash/data as homedir.
The /mnt/flash/data contains a lot of config files (or status files to be exact):
/mnt/flash/data # ls -la
total 49
drwxrwxrwx 2 root root 0 Aug 5 2013 .
drwxrwxrwx 8 root root 0 Feb 8 16:13 ..
-rwx------ 1 root root 596 Dec 30 14:21 AlarmInfo
-rwx------ 1 root root 26 Dec 30 14:19 AudioConfig.txt
-rwx------ 1 root root 204 Dec 29 17:15 Auth8021xInfo
-rwx------ 1 root root 72 Dec 30 14:17 CameraInfo
-rwx------ 1 root root 64 Dec 29 17:15 ConfigScopeData
-rwx------ 1 root root 204 Dec 29 17:15 DDnsInfo
-rwx------ 1 root root 50 Aug 5 2013 DhcpFile.txt
-rwx------ 1 root root 50 Dec 29 17:15 DhcpSFile.txt
-rw-r--r-- 1 root root 64 Aug 5 2013 FilterInfo
-rwx------ 1 root root 632 Dec 29 17:15 FtpInfo
-rwx------ 1 root root 48 Dec 29 17:15 IgmpInfo
-rwx------ 1 root root 608 Dec 30 14:19 IvpathInfo
-rw-r--r-- 1 root root 80 Dec 30 14:19 MDScopeInfo
-rw------- 1 root root 2384 Dec 30 14:05 MOTO_PresetPoint
-rw-r--r-- 1 root root 8 Aug 5 2013 MobileInfo
-rwx------ 1 root root 356 Dec 29 17:15 MotionInfo
-rwx------ 1 root root 64 Feb 8 15:47 NetInfo
-rwx------ 1 root root 64 Dec 29 17:15 NetInfo_BSD
-rwx------ 1 root root 64 Dec 29 17:15 NetInfo_HK
-rwx------ 1 root root 148 Dec 30 14:07 NtpInfo
-rwx------ 1 root root 328 Dec 30 14:19 OsdInfo
-rw-r--r-- 1 root root 18 Aug 5 2013 OwnUserInfo.txt
-rwx------ 1 root root 68 Dec 29 17:15 PppoeInfo
-rwx------ 1 root root 356 Dec 30 14:19 PrivacyInfo
-rwx------ 1 root root 480 Dec 29 17:15 ProfileData
-rwx------ 1 root root 17132 Dec 30 14:20 PtzConfigInfo
-rwx------ 1 root root 11 Dec 30 14:21 SDInfo
-rw------- 1 root root 26 Dec 29 17:15 ShaInfo
-rwx------ 1 root root 492 Dec 29 17:26 SipInfo
-rw-r--r-- 1 root root 28 Aug 5 2013 SjkdInfo
-rwx------ 1 root root 800 Feb 8 14:14 SmtpInfo
-rw-r--r-- 1 root root 280 Aug 5 2013 SnmpInfo
-rwx------ 1 root root 320 Aug 5 2013 SysInfo
-rw-r--r-- 1 root root 36 Aug 5 2013 TutkInfo
-rwx------ 1 root root 4328 Feb 8 14:13 UserInfo
-rwx------ 1 root root 46 Dec 29 17:15 UuidData
-rwx------ 1 root root 15 Dec 29 17:15 Version.txt
-rwx------ 1 root root 36 Dec 30 14:20 VideoInfo
-rw-r--r-- 1 root root 12 Aug 5 2013 WifiBitrateInfo
-rw-r--r-- 1 root root 112 Aug 5 2013 WifiInfo
-rwx------ 1 root root 312 Dec 30 14:17 cameramode
-rwx------ 1 root root 312 Dec 29 17:15 cameramode_default
-rw------- 1 root root 10 Dec 29 17:15 device_model.txt
-rw------- 1 root root 2 Dec 29 17:15 hik.txt
-rw-r--r-- 1 root root 0 Jan 1 1970 hisi_ipc
-rwx------ 1 root root 18 Dec 29 17:15 ppcnCfg.txt
---------x 1 root root 320 Dec 30 14:20 profiledata
-rwx------ 1 root root 14 Dec 30 14:14 sensor.cfg
-rwx------ 1 root root 13 Dec 29 17:19 uluCfg.cfgThese will contain plain text ftp settings and smtp settings among other this. There is no hint of auth.