A half-a-decade old vulnerability in certain digital video recording (DVR) devices has suddenly become interesting for threat actors to exploit again after the number of observed attacks surges, researchers have warned.
Cybersecurity researchers from Fortinet’s FortiGuard Labs have spotted an uptick in attacks targeting TBK DVRs using a publicly available proof-of-concept to exploit a vulnerability tracked as CVE-2018-9995. This is a vulnerability first discovered back in 2018, which allows remote attackers to bypass authentication and thus gain access to the target network.
To take advantage of the flaw, threat actors would craft a malicious HTTP cookie, forcing the endpoint to respond with JSON data carrying admin credentials.
Multiple affected devices
“A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges, eventually leading access to camera video feeds,” Fortinet says.
A number of devices are vulnerable to this flaw, it was said, including TBK DVR4104 and TBK DVR4216 and rebranded models dubbed Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR.
The researchers said that by April 2023, hackers tried to break into vulnerable devices more than 50,000 times.
“With tens of thousands of TBK DVRs available under different brands, publicly-available PoC code, and an easy-to-exploit makes this vulnerability an easy target for attackers,” the researchers said. “The recent spike in IPS detections shows that network camera devices remain a popular target for attackers.”
The worst part is that there’s no patch to address the issue. The only way to stay safe is to replace the system with a newer, actively supported device.
These types of DVRs are often used by banks, public sector organizations, and similar businesses, as part of their security surveillance (opens in new tab) solution.
Via: BleepingComputer (opens in new tab)