CVE-2013-1391

HIGH

Hunt CCTV DVR Firmware - Unauthenticated Configuration Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-1391. PoCs published by Alejandro Ramos, Alejandro Ramos, juan vazquez, including Metasploit module auxiliary/scanner/misc/dvr_config_disclosure.

AI-analyzed exploit summary The exploit demonstrates a remote information-disclosure vulnerability in Hunt CCTV devices by fetching the DVR.cfg file via a simple HTTP request, which contains sensitive credentials. The provided curl command retrieves and parses the configuration file to extract user credentials.

Description

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Alejandro Ramos · textremotemultiple

https://www.exploit-db.com/exploits/38248

View Code ZIP pw:eip

The exploit demonstrates a remote information-disclosure vulnerability in Hunt CCTV devices by fetching the DVR.cfg file via a simple HTTP request, which contains sensitive credentials. The provided curl command retrieves and parses the configuration file to extract user credentials.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Hunt CCTV devices (multiple models)

No auth needed

Prerequisites: Network access to the vulnerable device · Device must expose the DVR.cfg file via HTTP

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC

by Alejandro Ramos, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in multiple DVR manufacturers' web interfaces to retrieve device configuration files, including credentials for PPPoE, DDNS, FTP, and DVR users.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Multiple DVR manufacturers' web interfaces (CVE-2013-1391)

No auth needed

Prerequisites: Network access to the DVR web interface

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure

Exploit, Third Party Advisory x_refsource_misc

http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html

Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

https://www.securityfocus.com/bid/57579/info

Scores

CVSS v3 7.5

EPSS 0.7611

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-287

Status published

Products (20)

capturecctv/cdr_0410ve_firmware

capturecctv/cdr_0820vde_firmware

hachi/hv-04rd_pro_firmware

hachi/hv-08rd_pro_firmware

huntcctv/dr6-704a4h_firmware

huntcctv/dr6-708a4h_firmware

huntcctv/dr6-7316a4h_firmware

huntcctv/dr6-7316a4hl_firmware

huntcctv/dvr-04ch_firmware

huntcctv/dvr-04nc_firmware

... and 10 more

Published Oct 30, 2019

Tracked Since Feb 18, 2026