CVE-2018-9995
CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 28
githubgithub.com/ezelf/CVE-2018-9995_dvr_credentials★ 555githubgithub.com/Cyb0r9/DVR-Exploiter★ 113githubgithub.com/0xDamian/CVE-2018-9995-rs★ 97githubgithub.com/X3RX3SSec/DVR_Sploit★ 11githubgithub.com/K3ysTr0K3R/CVE-2018-9995-EXPLOIT★ 9githubgithub.com/zzh217/CVE-2018-9995_Batch_scanning_exp★ 4githubgithub.com/kienquoc102/CVE-2018-9995-2★ 4githubgithub.com/wmasday/HTC★ 3githubgithub.com/codeholic2k18/CVE-2018-9995★ 2githubgithub.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs★ 2githubgithub.com/Huangkey/CVE-2018-9995_check★ 2githubgithub.com/Saeed22487/CVE-2018-9995★ 1githubgithub.com/mesutozsoycom/cve-2018-9995★ 1githubgithub.com/MrAli-Code/CVE-2018-9995_dvr_credentials★ 1githubgithub.com/b510/CVE-2018-9995-POC★ 1githubgithub.com/awesome-consumer-iot/HTC★ 1githubgithub.com/ST0PL/DVRFaultNET★ 1githubgithub.com/dearpan/cve-2018-9995★ 0githubgithub.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs★ 0githubgithub.com/LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-9995★ 0githubgithub.com/likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool★ 0githubgithub.com/arminarab1999/CVE-2018-9995★ 0githubgithub.com/ABIZCHI/CVE-2018-9995_dvr_credentials★ 0githubgithub.com/batmoshka55/CVE-2018-9995_dvr_credentials★ 0githubgithub.com/dego905/Cam★ 0githubgithub.com/A-Alabdoo/CVE-DVr★ 0cve_referencewww.exploit-db.com/exploits/44577/não verificadoexploitdbwww.exploit-db.com/exploits/44577não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.htmlhttp://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.htmlhttps://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/https://www.exploit-db.com/exploits/44577/