New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin” header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

[*] Exploit Title: “Gets DVR Credentials”
[*] CVE: CVE-2018-9995
[*] CVSS Base Score v3: 7.3 / 10
[*] CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
[*] Date: 09/04/2018
[*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa )

http://misteralfa-hack.blogspot.com/2018/04/tbk-vision-dvr-login-bypass.html

https://github.com/ezelf/CVE-2018-9995_dvr_credentials

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9995

https://nvd.nist.gov/vuln/detail/CVE-2018-9995

https://gizmodo.com/a-creepy-website-is-streaming-from-73-000-private-secur-1655653510

https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/