Over 9 million security cameras, digital video recorders (DVRs), and network video recorders (NVRs) manufactured by Hangzhou Xiongmai Technology Co., Ltd. contain vulnerabilities that can allow a remote attacker to easily take over devices, security researchers at EU-based SEC Consult revealed on October 10, 2018. But end users won’t be able to tell whether they are using a hackable device, because the company doesn’t sell any product with its name on it. Rather, it ships all equipment as white label for other companies to put their name on it. Over 100 companies using Xiongmai devices have been identified so far.
The vulnerability is caused by the devices, creating a secure tunnel with a cloud account. These cloud accounts haven’t been sufficiently protected. The accounts and their passwords can be easily guessed.
Read more about it here.