Vulnerabilities in Longse Technology devices

CERT Polska disclosed four vulnerabilities (CVE-2024-5631, CVE-2024-5632, CVE-2024-5633, CVE-2024-5634) in Longse Technology NVR and camera firmware that allow credential eavesdropping via cleartext transmission, exposure to default and weak credentials, unauthorized access to an undocumented CoolView binary enabling memory read/write (potentially leading to full device compromise), and easily brute-forcible telnet passwords; affected devices are end-of-life and will not receive patches.