Notification of Critical Vulnerabilities
2018-04-03
Dear partners,
From 2015, CCTV industry started to be affected by security issue. Reports on security issues covered nearly all manufacturers, no matter how big or how old or how strong they are, which remind all of us to be prepared to protect our devices and asserts. We expect your kind awareness of security issue, and deliver your understanding and supports to us.
We recently found 3 vulnerabilities with a great help from 3rd party security expert. 2 of them are deeply inside the firmware, and can be used to control the devices, or even damage the info or devices if professional know-how is there. We seriously ask for a update of firmware in proper way to block the vulnerability, in order to avoid the possible risk in the future.
We have released the firmware for all models. You can download the firmware from our website, or go to our technical support or our local partner technical support to get the right firmware. Upgrading can be down locally with USB disk, or remotely via IE/Chrome.. as usual.
All of the devices in the warehouse will be upgraded properly by us or by our local partners. Our online upgrading system will do its job, and we expect your attention in case of failure due to ignorance or other reasons.
We are enhancing our engineering team for security, but it is not enough in a fast developing network world. We hope some basic security action can be taken at your side to avoid most of the risk. It is very useful.
1- Most important, please change your user name and password immediately when getting the device.
2- Try to put your device under a safer network
(1) Use P2P connection instead of direct connection to network
(2) Put your devices behind a network with firewall
(3) Check off unused port in your router if you know how to do it
(4) Check off “DMZ” in your router, to close the port to network
(5) Don’t use PPPoE for connection, as there is no lock to your port, if possible.
Thank you for your understanding and quick years’ support.
Shenzhen TVT Digital Technology Co., Ltd
