March 31, 2015
I just found an issue with the SmartPSS remote viewing software that I hope someone has a fix for.
We have a 64 channel NVR, which has cameras connected from different areas/businesses on property.
We want to limit the managers of the different businesses to view the cameras only for their own area. To do that, we have created groups that only include playback and view on the correct cameras. None of the managers have Account access to add or delete users.
When accessing the system through the webGUI, the system functions as expected. When attempting to access a restricted camera, they get the message “You have no right”. When they click the Setup, the account section is not listed (as expected)
BUT when the same user logs in through the SmartPSS software, they are able to see ALL cameras. Even worse, when they go to Device Manage, they can add/delete/modify users. The software itself says “account modify failed”, but it doesn’t actually fail, the changes made do take effect.
I hope that there is just a box that we haven’t checked or possibly a firmware update, as this seems to be a pretty big security hole. Our current firmware is
March 31, 2015
Yes, they are using the account I set up for them to log into both the webGUI of the NVR, and to connect the NVR as a device in SmartPSS.
I have tested with several other accounts which should also be limited, and they also are able to view all cameras and access the accounts section through SmartPSS, but not through the webGUI.
We have another client with a hybrid analog/IP NVR that we also purchased from you, and it does NOT have the same problem. The limited users on that system are still limited in SmartPSS. The firmware on that system is