According to an advisory issued by Fortinet FortiGuard Labs, threat actors are actively exploiting a five-year-old unpatched flaw affecting TBK digital video recording (DVR) devices.
The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a severe authentication bypass issue that can be exploited by remote actors to elevate privileges.
“The five-year-old vulnerability (CVE-2018-9995) is due to an error in handling maliciously crafted HTTP cookies,” Fortinet said in an outbreak alert on May 1, 2023. I was. This flaw allows an attacker to bypass authentication, gain administrator privileges, and ultimately access the camera’s video feed. ”
The network security firm said it has seen more than 50,000 attempts to exploit TBK DVR devices using this flaw in April 2023.
This flaw affects TBK DVR4104 and DVR4216 products rebranded and marketed using the names CeNova, DVR Login, HVR Login, MDVR Login, Night OWL, Novo, QSee, Pulnix, Securus, and XVR 5 in 1 affect the line.
In addition, Fortinet warns of a spike in exploits for CVE-2016-20016 (CVSS score: 9.8), another critical vulnerability affecting MVPower CCTV DVR models including TV-7104HE 1.8.4 115215B9 and TV7108HE Did.
Learn how to stop ransomware with real-time protection
Join our webinar to learn how real-time MFA and service account protection can stop ransomware attacks.
Save my seat!
Due to the existence of a web shell accessible via the /shell URI, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary operating system commands as root.
“The availability of tens of thousands of TBK DVRs from various brands, public PoC code, and ease of exploitation make this vulnerability an easy target for attackers,” Fortinet said. increase. “His recent surge in IPS detections shows that network camera devices remain a popular target for attackers.”
