CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Affected products
n/a · n/a
Public PoCs found: 28
github  github.com/ezelf/CVE-2018-9995_dvr_credentials  ★ 555
github  github.com/Cyb0r9/DVR-Exploiter  ★ 113
github  github.com/0xDamian/CVE-2018-9995-rs  ★ 97
github  github.com/X3RX3SSec/DVR_Sploit  ★ 11
github  github.com/K3ysTr0K3R/CVE-2018-9995-EXPLOIT  ★ 9
github  github.com/zzh217/CVE-2018-9995_Batch_scanning_exp  ★ 4
github  github.com/kienquoc102/CVE-2018-9995-2  ★ 4
github  github.com/wmasday/HTC  ★ 3
github  github.com/codeholic2k18/CVE-2018-9995  ★ 2
github  github.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs  ★ 2
github  github.com/Huangkey/CVE-2018-9995_check  ★ 2
github  github.com/Saeed22487/CVE-2018-9995  ★ 1
github  github.com/mesutozsoycom/cve-2018-9995  ★ 1
github  github.com/MrAli-Code/CVE-2018-9995_dvr_credentials  ★ 1
github  github.com/b510/CVE-2018-9995-POC  ★ 1
github  github.com/awesome-consumer-iot/HTC  ★ 1
github  github.com/ST0PL/DVRFaultNET  ★ 1
github  github.com/dearpan/cve-2018-9995  ★ 0
github  github.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs  ★ 0
github  github.com/LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-9995  ★ 0
github  github.com/likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool  ★ 0
github  github.com/arminarab1999/CVE-2018-9995  ★ 0
github  github.com/ABIZCHI/CVE-2018-9995_dvr_credentials  ★ 0
github  github.com/batmoshka55/CVE-2018-9995_dvr_credentials  ★ 0
github  github.com/dego905/Cam  ★ 0
github  github.com/A-Alabdoo/CVE-DVr  ★ 0
cve_reference  www.exploit-db.com/exploits/44577/  unverified
exploitdb  www.exploit-db.com/exploits/44577  unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html
http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.html
https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/
https://www.exploit-db.com/exploits/44577/