cpuinc, posted January 28, 2010

My customer has multiple DVRs set up for web access (ver 5.3). Recently, they began to use the same public IP for credit card processing. A PCI security compliance company scanned the IP and reported this security issue on all of the ports the DVRs are using:

Synopsis: The remote web server is affected by a directory traversal vulnerability.

Description: It appears possible to read arbitrary files on the remote host outside the web server's document directory using a specially-crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks.

Solution: Contact the vendor for an update, use a different product, or disable the service altogether.

Nothing on eyemax's site. Any help to resolve this issue would be appreciated.

stayleft, posted March 21, 2011

cpuinc,

Have you made any progress with this PCI compliance vulnerability? I'm facing the same problem with my DVR's embedded web server and IP-enabled credit card terminals. I was given the same reports you reference. I'm having a difficult time coming up with a solution.

I'm thinking individual/independent static IP addresses for the DVR and the CC terminal would work, but I don't want to pay $120 additional each month for the luxury (6 locations). I use dyndns.org now for updating my dynamic IP addresses. Works great.

Hardware-based firewall in front of DVR? (I'm asking.) I don't know enough about networking to know if it's possible to isolate a web server with a public IP address that is the same (and only) one that the credit card terminal uses to process transactions.

It seems to me this issue will be very big soon for a lot of people. Has anyone come up with any creative solutions?

Romantic, posted January 10, 2012

I am having the same issue and my CC merchant is now charging me $20 per location per month for this! How can I fix this?