这表明攻击企图利用多个 CCTV DVR 产品中的远程代码执行漏洞。该漏洞是由于对应用程序中用户提供的输入的清理不足。远程攻击者可能能够利用此漏洞通过精心设计的请求在应用程序上下文中执行任意代码。

Affected vendors include: Ademco ATS Alarmes technolgy and ststems Area1Protection Avio Black Hawk Security Capture China security systems Cocktail Service Cpsecured CP PLUS Digital Eye'z no website Diote Service & Consulting DVR Kapta ELVOX ET Vision Extra Eye 4 U eyemotion EDS Fujitron Full HD 1080p Gazer Goldeye Goldmaster Grizzly HD IViewer Hi-View Ipcom IPOX IR ISC Illinois Security Cameras, Inc. JFL Alarmes Lince LOT Lux Lynx Security Magtec Meriva Security Multistar Navaio NoVus Optivision PARA Vision Provision-ISR Q-See Questek Retail Solution Inc RIT Huston .com ROD Security cameras Satvision Sav Technology Skilleye Smarteye Superior Electrial Systems TechShell TechSon Technomate TecVoz TeleEye Tomura truVue TVT Umbrella United Video Security System, Inc Universal IT Solutions US IT Express U-Spy Store Ventetian V-Gurad Security Vid8 Vtek Vision Line Visar Vodotech.com Vook Watchman Xrplus Yansi Zetec ZoomX

系统被入侵：远程攻击者可以控制易受攻击的系统。

目前，我们不知道有任何供应商提供了可用于此问题的补丁或更新。