1) Plaintext storage of administrative password
Every firmware version

2) Missing CSRF protection
Every firmware version

3) Unauthenticated information disclosure
Every firmware version

4) Unauthenticated SSRF in DVR devices
1001-1000-1000-1000
1001-1000-1000-1000
1001-1000-1001-1001
1002-1000-1002-1001
1002-1001-1000-1000
1002-1001-1001-1001
1004-1002-1001-1000
1004-1002-1003-1000-FFFF
1004V-1002V-1003V-1001V
1004Y-1002Y-1001EJ-1000Y
1004Y-1002Y-1001Y-1000Y
1005-1002-1002-1000
1005-1002-1004-1001
1006-1001-1003-1004
1006-1002-1003-1000
1006Y-1002Y-1003Y-1000Y
1007-1002-1004-1000
1007-1003-1003-1002
1007-1003-1005-1001
1007E-1003E-1005EJ-1001E
1007V-1003V-1005V-1001V
1007Y-1002Y-1004Y-1000Y
1008-1002-1005-1000
1008-1004-1003-1002
1009-1003-1005-1006
1009-1003-1006-1001
1009-1007-1007-1000-FFFF
1009Y-1003Y-1006Y-1001Y
1010-1004-1007-1001
1010-1005-1005-1002
1011-1004-1005-1006
1011-1005-1007-1001
1011-1005-1007EJ-1001
1011-1005-1008-1002
1012-1004-1005-1006
1012-1005-1007-1002
1012-1006-1007-1001
1012-1008-1009-1000-FFFF
1014-1005-1009-1002
1014-1007-1009-1001
1014-1010-1010-1000-FFFF
1014Y-1007Y-1009Y-1001Y
1015-1006-1010-1003
1015-1007-1007-1007
1015-1007-1010-1001
1015-1010-1011-1000-FFFF
1015Y-1007Y-1010Y-1001Y
1016-1007-1005-1001
1016-1007-1011-1001
1016-1007-1011-1003
1016-1008-1007-1007
1016Y-1007Y-1011Y-1001Y
1017-1008-1012-1002
1017-1009-1008-1008
1017-1011-1013-1001-FFFF
1017f-1011f-1013f-1001f-FFFF
1017Y-1008Y-1012Y-1002Y
1018-1008-1012-1004
1019-1009-1013-1003
1019-1010-1009-1009
1019c-1012c-1014c-1001c-FFFF
1021-1011-1010-1009
1022-1012-1011-1009
1022-1014-1016-1002-FFFF
1022Y-1014Y-1016Y-1002Y-FFFF
1023-1013-1011-1009
1023-1014-1017-1002-FFFF
1025-1014-1013-1009
1026-1014-1014-1009
1027-1014-1015-1009
S968-S968-S968-S968
V171P-V171P-V171P-V171P
V189-V189-V189-V189


5) Unauthenticated command injection in DVR devices
1008-1002-1005-1000
1008-1002-1005-1000
1009-1003-1006-1001
1009Y-1003Y-1006Y-1001Y
1010-1004-1007-1001
1011-1005-1008-1002
1014-1005-1009-1002
1015-1006-1010-1003
1016-1007-1011-1003
1017-1008-1012-1002
1017Y-1008Y-1012Y-1002Y
1018-1008-1012-1004
1019-1009-1013-1003
1019c-1012c-1014c-1001c-FFFF
1022-1014-1016-1002-FFFF
1022Y-1014Y-1016Y-1002Y-FFFF
1023-1014-1017-1002-FFFF

6) Authentication bypass #1
1000-1000-1000-1000
1000C-1000C-1000C-1000C
1001-1000-1000-1000
1001-1001-1000-1000
1002-1000-1000-1000
1002-1002-1000-1002
1002D-1000D-1000D-1000D
1003-1000-1000-1001
1003-1001-1001-1000
1003-1002-1001-1000
1004-1000-1000-1000
1004-1001-1001-1001
1004-1003-1001-1002
1004-1003-1002-1001
1004A-1001A-1002A-1000A
1005-1002-1001-1002
1005-1003-1001-1002
1005-1004-1002-1001
1005A-1001A-1002A-1001A
1005D-1001D-1002D-1001D
1006-1002-1001-1002
1006-1004-1003-1001
1007-1001-1003-1001
1007-1001-1004-1003
1007-1002-1001-1003
1007-1002-1003-1002
1007-1004-1003-1001
1008-1001-1003-1002
1008-1004-1004-1001
1008D-1003D-1004D-1002D
1008J-1004J-1004J-1001J
1009-1001-1004-1001
1009-1002-1005-1003
1009-1003-1005-1002
1010-1001-1004-1001
1010-1001-1004-1002
1010-1003-1005-1002
1010-1003-1006-1003
1010-1003-1006-1004
1010-1004-1007-1001
1010J-1001J-1004J-1001J
1010N-1003N-1005N-1002N
1011-1001-1002A-1002
1011-1001-1002D-1002
1011-1001-1003-1002
1011-1001-1004-1002
1011-1001-1005-1002
1011-1004-1005-1002
1012-1001-1005-1002
1012-1001-1005-1003
1012-1001-1005PO-1002
1012-1003-1007-1002
1012-1003-1007-1004
1013-1001-1005-1003
1013-1002-1006-1002
1013-1003-1008-1003
1013-1004-1008-1004
1013-1005-1005-1002
1013-1005-1007-1002
1013K-1005K-1007PO-1002K
1014-1002-1006-1002
1014-1002-1006-1003
1014-1003-1008-1003
1014-1005-1008-1002
1014B-1002B-1006B-1002B
1015-1001-1006-1003
1015-1002-1006-1003
1015-1002-1007-1002
1015-1003-1008-1003
1015-1005-1009-1004
1015-1006-1004-1002
1015-1006-1005-1002
1015-1006-1008-1002
1015C-1004C-1003C-1005C
1015K-1006K-1008PO-1002K
1016-1002-1007-1002
1016-1006-1013-1002
1016-1007-1009-1003
1016-1007-1011-1003
1017-1002-1007-1003
1017-1003-1007-1003
1017-1003-1009-1003
1017-1005-1004-1005
1017-1006-1013-1002
1017-1013-1014-1005
1018-1003-1005-1004
1018-1003-1008-1003
1018-1003-1008-1004
1018-1003-1008PO-1003
1018-1004-1005-1005
1018-1007-1009-1003
1018-1012-1011-1010
1019-1004-1006-1005
1019-1007-1009-1003
1020-1003-1008-1003
1020-1003-1008-1004
1020-1004-1007-1006
1020-1007-1008-1003
1020-1007-1009-1003
1021-1003-1008-1003
1021-1003-1008-1004
1021-1005-1006-1005
1021-1005-1008-1006
1021-1006-1015-1002
1021-1007-1010-1003
1022-1005-1007-1005
1022-1005-1009-1007
1022-1006-1015-1002
1022-1013-1014-1010
1022-1014-1016-1002-FFFF
1022Y-1014Y-1016Y-1002Y-FFFF
1023-1005-1008-1006
1023-1007-1016-1003
1024-1019-1019-1007
1025-1006-1010-1007
1025-1017-1017-1011
1027-1007-1019-1003
1027-1021-1021-1008
1028-1021-1022-1008
1031-1007-1022-1003
1032-1022-1024-1008
1033-1018-1021-1012
1035-1005-1005-1004
1035-1005-1005-1005
1035-1005-1005-1005P
1035-1007-1024-1003
1035-1024-1025-1008
1036-1005-1006-1005
1036-1007-1024-1003
1036-1014-1016-1016
1037-1024-1027-1008
1037-1025-1027-1008
1038-1021-1024-1012
1038-1021-1024-1012-A5
1038-1025-1028-1008
1039-1005-1008-1004
1039-1005-1008-1005
1039-1014-1017-1016
1039D-1014D-1017D-1016D
1040-1026-1029-1008
1041-1005-1009-1005
1042-1026-1030-1008
1044-1026-1030-1008
1044-1026-1031-1008
1045-1015-1020-1018
1046-1027-1032-1008
1047-1027-1031-1008
1049-1027-1033-1008
1050-1027-1034-1008
1050-1027-1036-1008
1051-1027-1035-1008
1051CZ-1028-1037-1008
1052-1027-1034-1008
1052-1028-1038-1008
1052A-1028-1038A-1008
1054-1027-1036-1008
1054-1028-1036-1008
1055-1028-1036-1008
1056-1028-1037-1008
1058-1028-1039-1008
1062-1028-1041-1008
1065-1029-1043-1008
1068-1029-1043-1008
1069-1029-1043-1008
1071-1029-1044-1008
1077-1017-1035-1007
1077-1017-1035-1007-A6
1077-1017-1035-1007-D4
1077-1017-1035-1007-D705FF
1078-1017-1036-1007
1078-1017-1036-1007-A6
1078-1017-1036-1007-D707FF
1079-1017-1037-1007
1079-1017-1037-1007-D4
1W77-1W17-1W35-1W07-A6
A077-1017-A035-1007
A077-1017-A035-1007-A6
A1035-1024-A1025-1008
A1038-1025-A1028-1008-D4
S681-S681-S681-S681
S749-S749-S749-S749
S818-S818-S818-S818
S820-S820-S820-S820
S823-S823-S823-S823
S914V-S914V-S914V-S914V
S984-S984-S984-S984

7) Authentication bypass #2
1000-1000-1000-1000
1000C-1000C-1000C-1000C
1001-1000-1000-1000
1001-1001-1000-1000
1002-1000-1000-1000
1002-1002-1000-1002
1002D-1000D-1000D-1000D
1003-1000-1000-1001
1003-1001-1001-1000
1003-1002-1001-1000
1004-1000-1000-1000
1004-1001-1001-1001
1004-1002-1000-1001
1004-1003-1001-1002
1004-1003-1002-1001
1004A-1001A-1002A-1000A
1005-1002-1001-1002
1005-1003-1001-1002
1005-1004-1002-1001
1005A-1001A-1002A-1001A
1005D-1001D-1002D-1001D
1006-1002-1001-1002
1006-1003-1001-1001
1006-1004-1003-1001
1007-1001-1003-1001
1007-1001-1004-1003
1007-1002-1001-1000
1007-1002-1001-1003
1007-1002-1003-1002
1007-1004-1003-1001
1008-1001-1003-1002
1008-1004-1004-1001
1008D-1003D-1004D-1002D
1008J-1004J-1004J-1001J
1009-1001-1004-1001
1009-1002-1005-1003
1009-1003-1001-1003
1009-1003-1005-1002
1010-1001-1004-1001
1010-1001-1004-1002
1010-1003-1005-1002
1010-1003-1006-1003
1010-1003-1006-1004
1010-1004-1007-1001
1010J-1001J-1004J-1001J
1010N-1003N-1005N-1002N
1011-1001-1002A-1002
1011-1001-1002D-1002
1011-1001-1003-1002
1011-1001-1004-1002
1011-1001-1005-1002
1011-1004-1005-1002
1012-1001-1005-1002
1012-1001-1005-1003
1012-1001-1005PO-1002
1012-1003-1007-1002
1012-1003-1007-1004
1013-1001-1005-1003
1013-1002-1006-1002
1013-1003-1008-1003
1013-1004-1002-1003
1013-1004-1008-1004
1013-1005-1005-1002
1013-1005-1007-1002
1013K-1005K-1007PO-1002K
1014-1002-1006-1002
1014-1002-1006-1003
1014-1003-1008-1003
1014-1004-1003-1004
1014-1005-1008-1002
1014B-1002B-1006B-1002B
1015-1001-1006-1003
1015-1002-1006-1003
1015-1002-1007-1002
1015-1003-1008-1003
1015-1005-1009-1004
1015-1006-1004-1002
1015-1006-1005-1002
1015-1006-1008-1002
1015C-1004C-1003C-1005C
1015K-1006K-1008PO-1002K
1016-1002-1007-1002
1016-1006-1013-1002
1016-1007-1009-1003
1016-1007-1011-1003
1017-1002-1007-1003
1017-1003-1007-1003
1017-1003-1009-1003
1017-1005-1004-1005
1017-1006-1013-1002
1017-1013-1014-1005
1018-1003-1005-1004
1018-1003-1008-1003
1018-1003-1008-1004
1018-1003-1008PO-1003
1018-1004-1005-1005
1018-1007-1009-1003
1018-1012-1011-1010
1019-1004-1006-1005
1019-1007-1009-1003
1020-1003-1008-1003
1020-1003-1008-1004
1020-1004-1007-1006
1020-1007-1008-1003
1020-1007-1009-1003
1021-1003-1008-1003
1021-1003-1008-1004
1021-1005-1006-1005
1021-1005-1008-1006
1021-1006-1015-1002
1021-1007-1010-1003
1022-1005-1007-1005
1022-1005-1009-1007
1022-1006-1015-1002
1022-1013-1014-1010
1022-1014-1016-1002-FFFF
1022Y-1014Y-1016Y-1002Y-FFFF
1023-1005-1008-1006
1023-1007-1016-1003
1024-1010-1011-1011
1024-1019-1019-1007
1025-1006-1010-1007
1025-1011-1011-1012
1025-1017-1017-1011
1027-1007-1019-1003
1027-1021-1021-1008
1028-1021-1022-1008
1030-1012-1012-1014
1031-1007-1022-1003
1032-1013-1013-1015
1032-1022-1024-1008
1033-1018-1021-1012
1034-1014-1015-1016
1035-1005-1005-1004
1035-1005-1005-1005
1035-1005-1005-1005P
1035-1007-1024-1003
1035-1024-1025-1008
1036-1005-1006-1005
1036-1007-1024-1003
1036-1014-1016-1016
1037-1024-1027-1008
1037-1025-1027-1008
1038-1021-1024-1012
1038-1021-1024-1012-A5
1038-1025-1028-1008
1039-1005-1008-1004
1039-1005-1008-1005
1039-1014-1017-1016
1039D-1014D-1017D-1016D
1040-1026-1029-1008
1041-1005-1009-1005
1042-1014-1016-1005
1042-1026-1030-1008
1044-1026-1030-1008
1044-1026-1031-1008
1045-1015-1020-1018
1046-1027-1032-1008
1047-1027-1031-1008
1049-1027-1033-1008
1050-1027-1034-1008
1050-1027-1036-1008
1051-1027-1035-1008
1051CZ-1028-1037-1008
1052-1027-1034-1008
1052-1028-1038-1008
1052A-1028-1038A-1008
1054-1027-1036-1008
1054-1028-1036-1008
1055-1028-1036-1008
1056-1028-1037-1008
1058-1028-1039-1008
1062-1028-1041-1008
1065-1029-1043-1008
1068-1029-1043-1008
1069-1029-1043-1008
1071-1029-1044-1008
1077-1017-1035-1007
1077-1017-1035-1007-A6
1077-1017-1035-1007-D4
1077-1017-1035-1007-D705FF
1078-1017-1036-1007
1078-1017-1036-1007-A6
1078-1017-1036-1007-D707FF
1079-1017-1037-1007
1079-1017-1037-1007-D4
1W42-1W14-1W16-1W05-A2
1W77-1W17-1W35-1W07-A6
A056-1015-A055-1005-D104
A077-1017-A035-1007
A077-1017-A035-1007-A6
A1035-1024-A1025-1008
A1038-1025-A1028-1008-D4
S681-S681-S681-S681
S749-S749-S749-S749
S818-S818-S818-S818
S820-S820-S820-S820
S823-S823-S823-S823
S914V-S914V-S914V-S914V
S984-S984-S984-S984

8) Unauthenticated file download from web root
Most of the firmwares (no exact information)

9) Login captcha bypass #1
Most of the firmwares (no exact information)

10) Login captcha bypass #2
Every firmware version

11) Authenticated command injection in CloudSetup.cgi
1003-1001-1001-1000
1003-1001-1001-1000
1006-1001-1003-1003
1007-1001-1003-1000
1007-1001-1003-1003
1008-1003-1005-1003
1009-1004-1005-1006
1009-1004-1006-1003
1010-1001-1004-1005
1011-1005-1008-1002
1012-1002-1006-1005
1012-1002-1007-1004
1012-1004-1008-1008
1013-1002-1006-1005
1013-1004-1008-1003
1013-1004-1008-1008
1014-1002-1007-1004
1014-1003-1007-1001
1014-1004-1008-1008
1014L-1002L-1006L-1005L
1015-1006-1008-1007
1016-1003-1007-1001
1016-1004-1009-1009
1016-1006-1008-1007
1017-1002-1008-1005
1017-1003-1007-1002
1017-1003-1008-1006
1017k-1003k-1008k-1006k
1018-1003-1007-1002
1018-1006-1009-1007
1018-1008-1012-1004
1019-1003-1007-1002
1019-1003-1008-1001
1019-1004-1009-1007
1019-1009-1013-1003
1020-1003-1010-1006
1020-1004-1009-1007
1020-1005-1011-1010
1020-1005-1012-1007
1021-1005-1011-1010
1021L-1003L-1010L-1006L
1021r-1004r-1009r-1007r
1022-1003-1008-1002
1022-1004-1009-1007
1022-1007-1012-1007
1022-1014-1016-1002-FFFF
1022L-1004L-1011L-1006L
1022L-1005L-1011L-1010L
1022Y-1014Y-1016Y-1002Y-FFFF
1023-1004-1010-1007
1023-1014-1017-1002-FFFF
1025-1006-1013-1011
1025-1008-1013-1008
1025-1017-1017-1011
1027-1007-1019-1003
1027-1008-1012-1008
1027-1008-1013-1008
1027L-1006L-1015L-1009L
1028-1007-1014-1012
1029-1007-1014-1008
1030-1007-1014-1012
1030-1008-1014-1008
1031-1007-1015-1012
1031-1007-1022-1003
1032-1007-1015-1008
1032k-1007k-1015k-1008k
1033-1018-1021-1012
1035-1005-1005-1004
1035-1005-1005-1005
1035-1007-1024-1003
1036-1005-1006-1005
1036-1007-1024-1003
1036r-1008r-1016r-1009r
1037-1008-1017-1009
1038-1021-1024-1012
1038-1021-1024-1012-A5
1039-1005-1008-1004
1039-1005-1008-1005
1041-1005-1009-1005
1050-1027-1036-1008
1051CZ-1028-1037-1008
1052-1028-1038-1008
1052A-1028-1038A-1008
1055-1028-1036-1008
1056-1028-1037-1008
1058-1028-1039-1008
1062-1028-1041-1008
1065-1029-1043-1008
1068-1029-1043-1008
1069-1029-1043-1008
1071-1029-1044-1008
S855-S855-S855-S855
T717-T717-T717-T717

12) Authenticated command injection in adcommand.cgi
1001-1000-1000-1000
1001-1000-1000-1000
1002-1000-1000-1000
1002-1001-1001-1001
1003-1000-1001-1000
1003-1001-1001-1000
1003-1001-1001-1001
1004-1000-1000-1000
1004-1001-1001-1001
1004-1001-1002-1000
1004-1002-1001-1000
1004V-1002V-1003V-1001V
1004Y-1002Y-1001EJ-1000Y
1005-1001-1002-1000
1005-1002-1001-1002
1005-1002-1002-1000
1005-1002-1004-1001
1006-1001-1003-1000
1006-1001-1003-1003
1006-1002-1001-1002
1006-1002-1003-1000
1006R-1002R-1001R-1002R
1007-1001-1003-1000
1007-1001-1003-1003
1007-1002-1004-1000
1007-1003-1005-1001
1007E-1003E-1005EJ-1001E
1007V-1003V-1005V-1001V
1008-1001-1001-1001
1008-1002-1002-1003
1008-1002-1005-1000
1008-1003-1005-1003
1008-1004-1003-1002
1009-1001-1002-1001
1009-1001-1004-1000
1009-1003-1006-1001
1009-1004-1005-1006
1009-1004-1006-1003
1009Y-1003Y-1006Y-1001Y
1010-1001-1003-1001
1010-1001-1004-1005
1010-1002-1005-1000
1010-1004-1007-1001
1010-1005-1005-1002
1011-1002-1004-1001
1011-1002-1006-1000
1011-1005-1007EJ-1001
1011-1005-1008-1002
1012-1002-1004-1001
1012-1002-1006-1005
1012-1002-1007-1004
1012-1003-1001-1005
1012-1003-1005-1005
1012-1004-1008-1008
1012-1008-1009-1000-FFFF
1013-1002-1006-1005
1013-1003-1005-1001
1013-1004-1008-1003
1013-1004-1008-1008
1014-1002-1007-1004
1014-1003-1006-1001
1014-1003-1006PL-1001
1014-1003-1007-1001
1014-1004-1008-1008
1014-1005-1009-1002
1014-1007-1009-1001
1014L-1002L-1006L-1005L
1015-1006-1004-1002
1015-1006-1005-1002
1015-1006-1008-1002
1015-1006-1008-1007
1015-1006-1010-1003
1015-1007-1007-1007
1015K-1006K-1008PO-1002K
1015Y-1007Y-1010Y-1001Y
1016-1003-1007-1001
1016-1004-1009-1009
1016-1006-1008-1007
1016-1007-1005-1001
1016-1007-1009-1003
1016-1007-1011-1001
1016-1007-1011-1003
1016-1008-1007-1007
1016Y-1007Y-1011Y-1001Y
1017-1002-1008-1005
1017-1003-1007-1002
1017-1003-1008-1006
1017-1008-1012-1002
1017-1011-1013-1001-FFFF
1017k-1003k-1008k-1006k
1017Y-1008Y-1012Y-1002Y
1018-1003-1005-1004
1018-1003-1007-1002
1018-1003-1008-1003
1018-1003-1008-1004
1018-1003-1008PO-1003
1018-1006-1009-1007
1018-1007-1009-1003
1018-1008-1012-1004
1019-1003-1007-1002
1019-1003-1008-1001
1019-1004-1009-1007
1019-1007-1009-1003
1019-1009-1013-1003
1019-1010-1009-1009
1019c-1012c-1014c-1001c-FFFF
1020-1003-1008-1003
1020-1003-1008-1004
1020-1003-1010-1006
1020-1004-1009-1007
1020-1005-1011-1010
1020-1005-1012-1007
1020-1007-1008-1003
1020-1007-1009-1003
1021-1003-1008-1003
1021-1003-1008-1004
1021-1005-1011-1010
1021-1007-1010-1003
1021L-1003L-1010L-1006L
1021r-1004r-1009r-1007r
1022-1003-1008-1002
1022-1004-1009-1007
1022-1007-1012-1007
1022-1012-1011-1009
1022-1014-1016-1002-FFFF
1022L-1004L-1011L-1006L
1022L-1005L-1011L-1010L
1022Y-1014Y-1016Y-1002Y-FFFF
1023-1004-1010-1007
1023-1014-1017-1002-FFFF
1025-1006-1013-1011
1025-1008-1013-1008
1025-1014-1013-1009
1027-1008-1012-1008
1027-1008-1013-1008
1027-1014-1015-1009
1027L-1006L-1015L-1009L
1028-1007-1014-1012
1029-1007-1014-1008
1030-1007-1014-1012
1030-1008-1014-1008
1031-1007-1015-1012
1032-1007-1015-1008
1032k-1007k-1015k-1008k
1036r-1008r-1016r-1009r
1037-1008-1017-1009
S749-S749-S749-S749
S820-S820-S820-S820
S823-S823-S823-S823
S855-S855-S855-S855
S914V-S914V-S914V-S914V
S968-S968-S968-S968
S984-S984-S984-S984
T717-T717-T717-T717

13) Authenticated command injection in PwdGrp.cgi
Most of the firmwares (no exact information)

14) HTTPS used without certificate verification
Most of the firmwares (no exact information)