Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds
#1
Quote:An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record.

The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month.

CVE-2018-9995 —the dangerous flaw that everyone ignored
Fernandez discovered that by accessing  the  control panel of specific DVRs with a cookie header of "Cookie: uid=admin," the DVR would respond with the device's admin credentials in cleartext. The entire exploit is small enough to fit inside a tweet.

$> curl "http://{DVR_HOST_IP}:{PORT}/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"


Initially, Fernandez discovered that CVE-2018-9995 affected only DVR devices manufactured by TBK, but in an update to his original report published on Monday, the researcher expanded the list of vulnerable devices to include systems made by other vendors, most of which appeared to be selling rebranded versions of the original TBK DVR4104 and DVR4216 series.

Full article:  HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Facebook makes key Instagram security tool Pysa available to users dhruv2193 1 1,720 11-25-2023 , 09:16 AM
Last Post: Patrick77
  New macOS zero-day bug lets attackers run commands remotely mrtrout 0 606 09-21-2021 , 09:48 PM
Last Post: mrtrout
  Hacktivists Breach a Security Company, Get Access to 150,000 Camera Feeds mrtrout 0 816 04-01-2021 , 12:09 AM
Last Post: mrtrout
  SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps Bjyda 0 838 02-19-2021 , 10:56 PM
Last Post: Bjyda
  Hacking tool used by Russian intelligence threatens US government networks mrtrout 0 979 08-17-2020 , 10:14 PM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)