About 1 million digital video recorders contain an uncorrected vulnerability that could lead to the emergence of a new powerful botnet like the infamous Mirai. According to experts of the British company Pen Test Partners, the vulnerability is present in the network software from the Chinese manufacturer XiongMai.

Researchers began to study the security problems of DVRs in February 2016, long before the appearance of Mirai. Experts found in the web-interface software from XiongMai vulnerability, which can cause buffer overflow and endanger about 1 million devices. According to researchers, by exploiting a vulnerability, an attacker can remotely execute code. "According to Shodan, today about 1 million devices are available, from which it is possible to build an excellent botnet," the researchers.

According to experts, software based on XiongMai has DVRs sold under 50 different brands. Since devices from the same manufacturer can be sold under a variety of different brands, vendors and do not know that their devices work with vulnerable software XiongMai.

Among other things, the researchers found a non-standard telnet port (12323), which provides the ability to perform brute force attacks using default passwords.

Shodan - the world's first search engine for detecting devices connected to the Internet.