Adam Zambrzycki

**Name of the Vulnerable Software and Affected Versions** Longse NVR (Network Video Recorder) model NVR3608PGE2W Longse model LBH30FE200W cameras **Description** The issue concerns the transmission of user login and password to a remote control service without encryption, allowing an on-path attacker to eavesdrop on the credentials and obtain access to the video stream. This occurs when a user changes their password in the router's portal. Additionally, there is an issue with an undocumented binary service CoolView that provides unrestricted access to an attacker in the same local network, potentially allowing read/write operations on the device's memory and bypassing telnet login. **Recommendations** For Longse NVR (Network Video Recorder) model NVR3608PGE2W, consider disabling the remote control service until a patch is available to prevent credential eavesdropping. For Longse model LBH30FE200W cameras, restrict access to the undocumented binary service CoolView to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device (affected versions not specified) **Description** The issue concerns the creation of a WiFi network with a default password by the Longse NVR model NVR3608PGE2W and products based on this device. Users are neither advised to change the default password during the installation process nor is the need to change it described in the manual. As a result, it is likely that the default password remains unchanged, especially since cameras from the same kit connect automatically. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Longse model LBH30FE200W cameras (affected versions not specified) **Description** The issue allows an attacker in the same local network to access an undocumented binary service `CoolView` on one of the ports, providing unrestricted access. With knowledge of available commands, an attacker can perform read/write operations on the device's memory. This could result in bypassing telnet login and obtaining full access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Longse model LBH30FE200W cameras (affected versions not specified) **Description** The issue concerns Longse model LBH30FE200W cameras and products based on this device, which use telnet passwords that follow a specific pattern. Once the pattern is known, it becomes relatively easy to brute-force the password. Additionally, every camera with the same firmware version shares the same password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.