05-02-2018 , 09:11 PM
Quote: An Argentinian security researcher named Ezequiel Fernandez published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record.
The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month.
CVE-2018-9995 — the dangerous flaw that everyone ignored
Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of "Cookie: uid=admin", the DVR would respond with the device's admin credentials in cleartext. The entire exploit is small enough to fit inside a tweet.
$> curl "http://{DVR_HOST_IP}:{PORT}/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"
Initially, Fernandez discovered that CVE-2018-9995 affected only DVR devices manufactured by TBK, but in an update to his original report published on Monday, the researcher expanded the list of vulnerable devices to include systems made by other vendors, most of which appeared to be selling rebranded versions of the original TBK DVR4104 and DVR4216 series.
Full article: HERE
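A detection sketch for the request pattern quoted above, added here as an example; it is not part of the quoted article or of Fernandez's tool. It assumes a reverse proxy in front of the DVR that logs the Cookie header in the nginx-style format shown in the comment; the log format, the function names and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed nginx-style log format that records the Cookie header (not from the article):
#   $remote_addr [$time_local] "$request" $status "$http_cookie"
LINE_RE = re.compile(
    r'^(?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<cookie>[^"]*)"$'
)

def cookie_pairs(header):
    """Split a Cookie header into name/value pairs, tolerating odd spacing."""
    parts = (p.strip().partition("=") for p in header.split(";"))
    return {name.strip(): value.strip() for name, sep, value in parts if sep}

def classify(line):
    """Return a finding dict for a request matching the CVE-2018-9995 pattern, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m["target"])
    query = parse_qs(url.query)  # order-independent and URL-decoded
    if not url.path.lower().endswith("/device.rsp"):
        return None
    if query.get("opt") != ["user"] or query.get("cmd") != ["list"]:
        return None
    forged = cookie_pairs(m["cookie"]).get("uid") == "admin"
    if forged and m["status"] == "200":
        verdict = "possible-disclosure"  # device answered: treat its passwords as exposed
    elif forged:
        verdict = "attempt"
    else:
        verdict = "user-list-request"    # same endpoint, no uid=admin cookie logged
    return {"src": m["src"], "time": m["ts"], "verdict": verdict}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 [02/May/2018:09:11:00 +0000] "GET /device.rsp?opt=user&cmd=list HTTP/1.1" 200 "uid=admin"',
    '203.0.113.9 [02/May/2018:09:12:10 +0000] "GET /device.rsp?cmd=list&opt=user HTTP/1.1" 401 "lang=en; uid=admin"',
    '192.0.2.44 [02/May/2018:09:13:42 +0000] "GET /index.html HTTP/1.1" 200 "-"',
    '192.0.2.44 [02/May/2018:09:14:05 +0000] "GET /device.rsp?opt=user&cmd=list HTTP/1.1" 403 "-"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Many default access-log formats do not record cookies; in that case only the "user-list-request" verdict is available, and any hit on that endpoint from outside the management network deserves a look.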