You might try user root, psw vizxv at the shell prompt. That got me into the WAN port on my QC804. It is probably the same going in through the LAN ports. I nosed around inside soon after I got it last fall. Found that most of the NVR behaviors are inside a single executable, making it hard to do any reverse engineering there. But the linux environment is there and might let you query the hardware configuration, especially identifying the processor, memory size, etc.