New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds

An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they’re supposed to record.

The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month.

CVE-2018-9995 —the dangerous flaw that everyone ignored

Fernandez discovered that by accessing  the  control panel of specific DVRs with a cookie header of “Cookie: uid=admin,” the DVR would respond with the device’s admin credentials in cleartext. The entire exploit is small enough to fit inside a tweet.

$> curl "http://{DVR_HOST_IP}:{PORT}/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"

DVR leaking credentials

Initially, Fernandez discovered that CVE-2018-9995 affected only DVR devices manufactured by TBK, but in an update to his original report published on Monday, the researcher expanded the list of vulnerable devices to include systems made by other vendors, most of which appeared to be selling rebranded versions of the original TBK DVR4104 and DVR4216 series.

Source: New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds

Advertisements
Categories: Uncategorized

Post navigation

Comments are closed.

Create a free website or blog at WordPress.com.

%d bloggers like this: