Stiansen says that the codes in the CCTV cameras he’s examined have software developed in Asia and still has traces of the development code in them. In addition to that, the DVR boxes running the feeds use a traditional Linux pack that admins haven't done anything to secure.
"Administrators buy these cameras and install them straight on their network without realizing they are running a full Linux server," he says. "They're running a web system that has jQuery, cross-site scripting and all the vulnerabilities in the book in them.""
Link to Original Source