markstubb

This is a pretty backhanded thing to say. IMO, knowing a password prefix makes any secure password no less secure. If anything, it makes it more secure to the uninitiated who don't know the prefix. And for those who DO know the prefix, and they know/cracked the admin password, then they would have probably gotten into the box eventually anyway. @hdo26 - I think he's trying to give you **** about divulging this prefix. Still not 100% sure why, though. Security through obscurity is not security. I, for one, would like to say thanks!

I gotcha, but if you already have a complex password, having the prefix doesn't make a whole lot of difference, IMO

Wouldn't disabling external telnet access do the same thing, or is that password able to be used elsewhere? Either way, it's not like it's just a default password, it's just a default password prefix. Which is a hell of a lot better than the same password on everyone's device.

Very nice work! I just tried it, for the hell of it, on my dahua nvr (NVR-4216 running V3.200.0000.2.R.20140418) and it worked perfect. Very good detective work!