EIP-2026-102049

PRE-CVE

Tiandy IPC and NVR 9.12.7 - Credential Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102049. PoCs published by zb3.

AI-analyzed exploit summary This exploit targets Tiandy IPC and NVR devices to disclose credentials by leveraging a vulnerability in the authentication mechanism. It interacts with the device's proprietary protocol to extract or recover admin credentials, either through a password recovery code or default credentials.

Description

Tiandy IPC and NVR 9.12.7 - Credential Disclosure

Exploits (1)

exploitdb WORKING POC

by zb3 · pythonwebappshardware

https://www.exploit-db.com/exploits/48799

View Code ZIP pw:eip

This exploit targets Tiandy IPC and NVR devices to disclose credentials by leveraging a vulnerability in the authentication mechanism. It interacts with the device's proprietary protocol to extract or recover admin credentials, either through a password recovery code or default credentials.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Tiandy IPC and NVR (DVRS_V9.12.7, DVRS_V11.7.4, NVSS_V13.6.1, NVSS_V22.1.0)

No auth needed

Prerequisites: Network access to the target device · Python 3 with PyCrypto library

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026