TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin” header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
[*] Exploit Title: “Gets DVR Credentials”
[*] CVE: CVE-2018-9995
[*] CVSS Base Score v3: 7.3 / 10
[*] CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
[*] Date: 09/04/2018
[*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa )
http://misteralfa-hack.blogspot.com/2018/04/tbk-vision-dvr-login-bypass.html
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9995
https://nvd.nist.gov/vuln/detail/CVE-2018-9995
https://gizmodo.com/a-creepy-website-is-streaming-from-73-000-private-secur-1655653510
Firmware Security 