""ET EXPLOIT Shenzhen TVT DVR/NVR/IPC Hardcoded Credential ConfigSyncProc Login Attempt""

SID: 2036272

Revision: 2

Class Type: trojan-activity

Metadata: affected_product DVR, attack_target Networking_Equipment, created_at 2022_04_19, deployment Perimeter, deployment Internal, performance_impact Low, signature_severity Major, updated_at 2022_04_19

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: 4567

Flow: established,to_server

Contents:

• Value: "{D79E94C5-70F0-46BD-965B-E17497CCB598}" Depth: 38

Within:

PCRE:

Special Options:

source