Vulnerability in exacqVision NVRs could allow an attacker to take control

June 29, 2020

Johnson Controls, a manufacturer of network video recorders, has announced new firmware that addresses a recently disclosed vulnerability affecting exacqVision products. This vulnerability could allow an attacker to run malicious code on an unpatched NVR.

Johnson Controls has released firmware patches for affected models and recommends urgent installation.

To read Johnson Controls Product Security Advisory:
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2020/jci-psa-2020-7-v1-exacqvision-web-service-and-enterprise-manager.pdf?la=en&hash=704888A69F52AD699D6FA19A96C3B1B3104D3741

For firmware downloads:
https://www.exacq.com/support/downloads.php

If you have any questions regarding this important technology update, please contact your local Vector Security representative or the corporate office.

About Vector Security

For nearly 50 years, Vector Security, Inc. (www.vectorsecurity.com) has been a premier provider of intelligent security solutions tailored to the needs of the customer. Headquartered in Pittsburgh, the company offers a full suite of electronic security services for residential, business and national account customers across North America and the Caribbean through a network of branches, authorized dealers and their ADS Security division. The Vector Security Networks division offers customized physical security and managed network services to multi-site commercial customers. Vector Security is a sister company of the Philadelphia Contributionship, a mutual insurance company founded in 1752, and currently provides cost-effective, technology-based security and automation solutions to nearly 400,000 homes and businesses across 58 branch locations.