Recently I meet my new now not so good friend anymore an EverFocus DVR which my boss had bought. He had been informed from the vendor that it would support smartphones and tablets. So he asked me to set it up.
From what I have seen so far, it's impossible to even enter a secure password, because somehow this DVR insist on having the possibility to enter the password from an numeric remote.
Then the EverFocus manual actually suggest opening this up through port 80 or what ever, making it possible for anyone to brute force, and then I'm ignoring the fact that there already exist a number of exploits related to this brand alone.
Have anyone succeeded sshing into these DVRS and adding a more secure password, and then again as I read in this forum, is it encrypted at all, or just ignored making the DVR looking like a gift shop for unwanted intruders??
So far I have told him to wait, because I feel like I will be doing him a very bad favour opening this up at all. Next considering to only open for specific IP's in the firewall, but that will not be convenient either, not being able to access and view the cameras from anywhere at anytime.
EverFocus mobile app software MobileFocus is compatible with EverFocus’ ECOR, Endeavor and Paragon DVR ranges as well as EverFocus NeVio IP cameras.
Is this just best practice, because these DVRs is in the low end scale?
Model: EverFocus ECOR264-9X1 DVR