Dunno what DVR you have but Swann are mentioned here :
http://www.theregister.co.uk/2016/02/18/blank_519070_the_pin_to_enter_to_pwn_80k_online_security_cams/
Basically there's a hardcoded root account with a password of 519070 which allows complete compromise of the DVR - and is obviously behind your firewall so has unrestricted network access from the shell account.
I don't have the system open to outside of my network. The ports are closed. I just access the cameras on my computers via LAN.
The article doesn't surprise me. I've looked for firmware updates for the unit and never found any.
They are fairly cheap machines, even though at first was priced around £400 (I think its now dropped to the £200 to £300 range).
The units have no on/off switch. The only way to turn the power off is to pull the power lead out.
This is my second unit, after the other was replaced because suddenly the power to the cameras (they are powered by PoE) all stopped working. I got a replacement and at the moment the motion detection recording stopped working on one of the cameras. Supposedly that function is from the unit, though I've changed ethernet port connectors of that camera and it's still doing it.
Its nearly impossible to find the more expensive cameras advertised as its all bogged down in this low-end price range. Different companies are competing but from what I've seen they all get similar faults.
Swann support is absolutely useless. I emailed them about the camera not recording during motion detection (if I set it to record all the time it works). The guy replied, maybe its the power strip? Wth
I don't know how people can be so 'thick' these days with computers and technology. The people up to 40 and 50 years old have had a life time were computers have played a significant role in their lives. Where have they been hiding!?