cpuinc,
Have you made any progress with this PCI compliance vulnerability? I'm facing the same problem with my DVR's embedded web server and IP enabled credit card terminals. I was given the same reports you reference.
I'm having a difficult time coming up with a solution. I'm thinking individual /independent Static IP addresses for the DVR and the CC terminal would work, but I don't want to pay $120 additional each month for the luxury (6 locations). I use dyndns.org now for updating my dynamic IP addresses. Works great.
Hardware based firewall in front of DVR? (I'm asking).
I don't know enough about networking to know if it's possible to isolate a web server with a public IP address that is the same (and only) one that the credit card terminal uses to process transactions.
It seems to me this issue will be very big soon for a lot of people. Has anyone come up with any creative solutions?