CVE-2018-9995

high-risk
Published 2018-04-10

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

Do I need to act?

!
94.1% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
44577
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Tbkvision

References (8)

Exploit http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html
Exploit http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995...
Exploit https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-acces...
Exploit https://www.exploit-db.com/exploits/44577/
Exploit http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html
Exploit http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995...
Exploit https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-acces...
Exploit https://www.exploit-db.com/exploits/44577/
59
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 7/34 · Low