5
CVSSv2

CVE-2018-9995

Published: 10/04/2018 Updated: 13/06/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote malicious users to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

Vulnerability Trend

Affected Products

Exploits

# -*- coding: utf-8 -*- import json import requests import argparse import tableprint as tp class Colors: BLUE = '\033[94m' GREEN = '\033[32m' RED = '\033[0;31m' DEFAULT = '\033[0m' ORANGE = '\033[33m' WHITE = '\033[97m' BOLD = '\033[1m' BR_COLOUR = '\033[1;37;40m' bann ...

Github Repositories

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

cve-2018-9995 exploit camera with vuln cve-2018-9995 ( Novo CeNova QSee Pulnix XVR 5 in 1 (title: "XVR Login") Securus, - Security Never Compromise !! - Night OWL DVR Login HVR Login MDVR Login )

CVE-2018-9995_check DVR系列摄像头批量检测 使用方法:python CVE-2018-9995py hosttxt 其中hosttxt内容可以为8888:8080或者wwwbaiducom,脚本运行后对使用了DVR系列摄像头的host会保存到resulttxt文件里 漏洞利用工具可访问:githubcom/ezelf/CVE-2018-9995_dvr_credentials 注:请勿非法使用

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( optimized from CodeHolic ) Exploit: $> curl "http:

state This tools is an improved version of the CVE-2018-9995 wrote by gwolfs,and is for learning use only。Do not use for illegal purposes,all the consequences resulting from this are your ownThe orginal version is wrote by ezelf and is on githubcom/ezelf/CVE-2018-9995_dvr_credentials Thanks ezelf Exploit: tow methods,you can read the READMEmd in the method1 or m

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

CVE-2018-9995_Batch_scanning_exp(last 2018-8-9) 针对CVE-2018-9995漏洞的dvr批量扫描脚本 ##CVE-2018-9995原利用脚本(Original code) ##环境准备(Environmental preparation) python3、ubuntu user@ubuntu:~$ sudo pip3 install grequests user@ubuntu:~$ sudo pip3 install tableprint ##使用方式(usage mode) 将待扫描设备以ip:port形式存入csv文件第一

statement This tool is an improved version of the CVE-2018-9995 wrote by gwolfs,and is for learning use only。Do not use for illegal purposes,all the consequences resulting from this are your ownThe orginal version is wrote by ezelf and is on githubcom/ezelf/CVE-2018-9995_dvr_credentials Thanks ezelf Exploit: 1get the SHODAN_APIKEY from shodanio 2open the sear

Exp_CVE-2018-9995

DVR-Exploiter [*] Exploit Title: DVR Credentials Exposed [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel [*] DVR-Exploiter By: Belahsan Ouerghi [*] Contact: wwwfacebookcom/ouerghibelahsan [*] Youtube Tutorial: wwwyoutubecom/watch?v=vdnATjE_4II [*] Dorks: intitle:"DVR Login"

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

CamSploit v101 CamSploit is an exploiting tool that helps in the IP camera pentest It was developed using Dot Net Core (compatible with Windows and Linux), tested in windows 10 and Ubuntu 16 It has got a modular collection of exploits You can create your own modules to expands the currents exploits CamSploit is distributed under the GNU GPLv3 license In the next weeks, i

Habu: Python Network Hacking Toolkit I'm developing Habu to teach (and learn) some concepts about Python and Network Hacking These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing Most of them are related with networking, and the implementations are intended to be understandable for who wants to read the source code and learn from

Toy-Box A toy box to save my python3 code toys Toys List RFC search RFC documents downloads tool zipPwn zip password crack tool SDscan sub-domain scan tool http_options_scan Dangerous HTTP options (PUT, MOVE) detection on the 80 or 443 port of the web server CVE-2018-9995_PoC Get TBK DVR uid and pwd CVE-2018-4407_PoC Crash iOS and OS X devices CVE-2015

snowwolf-script 集成dns,whois,扫描端口,shodan,sqlmap辅助工具(后期决定删除改为帮助指南),自动化exploit工具 安装 apt-get install shodan pip install -r requirementstxt chmod +x Snowwolfsh 请自行安装python27环境 安装完成后运行即可 自动化漏洞利用为cve-exploitsh脚本,目前仅支持cve-2018-9995,cve-201

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile BitBake Bro C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :