This Python script exploits an authentication bypass vulnerability in Uniview NVR devices to remotely disclose user passwords. It retrieves the configuration file via an unauthenticated request to 'main-cgi' and decodes reversible password strings using a custom mapping.
Classification
Working Poc 95%
Target:
Uniview NVR (tested on NVR304-16E, NVR301-08-P8 with software versions B3118P26C00510, B3218P26C00512, B3220P11)
No auth needed
Prerequisites:
Network access to the Uniview NVR web interface