Due to a security vulnerability, many cameras with firmware version 5.4.0 or earlier will export their configuration file via the web GUI without requiring credentials.
That file is encrypted and XOR encoded, but is readily decrypted and decoded to reveal the admin password in plain text.
OK, so what's that got to do with the NVR lost admin password?
Historically, NVRs with the PoE ports set in the default Plug&Play mode will 'activate' an 'inactive' camera that gets connected to a PoE port by using the NVR admin password. So the camera admin...
