5
CVSSv2

CVE-2018-9995

Published: 10/04/2018 Updated: 13/06/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 511
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote malicious users to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

Vulnerability Trend

Affected Products

Exploits

# -*- coding: utf-8 -*- import json import requests import argparse import tableprint as tp class Colors: BLUE = '\033[94m' GREEN = '\033[32m' RED = '\033[0;31m' DEFAULT = '\033[0m' ORANGE = '\033[33m' WHITE = '\033[97m' BOLD = '\033[1m' BR_COLOUR = '\033[1;37;40m' bann ...

Github Repositories

state This tools is an improved version of the CVE-2018-9995 wrote by gwolfs,and is for learning use only。Do not use for illegal purposes,all the consequences resulting from this are your ownThe orginal version is wrote by ezelf and is on githubcom/ezelf/CVE-2018-9995_dvr_credentials Thanks ezelf Exploit: tow methods,you can read the READMEmd in the method1 or m

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( optimized from CodeHolic ) Exploit: $> curl "http:

CVE-2018-9995_Batch_scanning_exp(last 2018-8-9) 针对CVE-2018-9995漏洞的dvr批量扫描脚本 ##CVE-2018-9995原利用脚本(Original code) ##环境准备(Environmental preparation) python3、ubuntu user@ubuntu:~$ sudo pip3 install grequests user@ubuntu:~$ sudo pip3 install tableprint ##使用方式(usage mode) 将待扫描设备以ip:port形式存入csv文件第一

statement This tool is an improved version of the CVE-2018-9995 wrote by gwolfs,and is for learning use only。Do not use for illegal purposes,all the consequences resulting from this are your ownThe orginal version is wrote by ezelf and is on githubcom/ezelf/CVE-2018-9995_dvr_credentials Thanks ezelf Exploit: 1get the SHODAN_APIKEY from shodanio 2open the sear

CVE-2018-9995_check DVR系列摄像头批量检测 使用方法:python CVE-2018-9995py hosttxt 其中hosttxt内容可以为8888:8080或者wwwbaiducom,脚本运行后对使用了DVR系列摄像头的host会保存到resulttxt文件里 漏洞利用工具可访问:githubcom/ezelf/CVE-2018-9995_dvr_credentials 注:请勿非法使用

cve-2018-9995 exploit camera with vuln cve-2018-9995 ( Novo CeNova QSee Pulnix XVR 5 in 1 (title: "XVR Login") Securus, - Security Never Compromise !! - Night OWL DVR Login HVR Login MDVR Login )

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

[Tool] show DVR Credentiales [*] Exploit Title: "Gets DVR Credentials" [*] CVE: CVE-2018-9995 [*] CVSS Base Score v3: 73 / 10 [*] CVSS Vector String: CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa ) Exploit: $> curl "&

DVR-Exploiter [*] Exploit Title: DVR Credentials Exposed [*] Date: 09/04/2018 [*] Exploit Author: Fernandez Ezequiel [*] DVR-Exploiter By: Belahsan Ouerghi [*] Contact: wwwfacebookcom/ouerghibelahsan [*] Youtube Tutorial: wwwyoutubecom/watch?v=vdnATjE_4II [*] Dorks: intitle:"DVR Login"

Habu: Hacking Toolkit I'm developing Habu to teach (and learn) some concepts about Python and Network Hacking Some techniques implemented in the current version are: ARP Poisoning ARP Sniffing DHCP Discover DHCP Starvation Fake FTP Server LAND Attack SNMP Cracking Subdomains Identification SSL/TLS Certificate Cloner SYN Flooding TCP Flags Analysis TCP ISN Analysis TCP Po

CamSploit v101 CamSploit is an exploiting tool that helps in the IP camera pentest It was developed using Dot Net Core (compatible with Windows and Linux), tested in windows 10 and Ubuntu 16 It has got a modular collection of exploits You can create your own modules to expands the currents exploits CamSploit is distributed under the GNU GPLv3 license In the next weeks, i

snowwolf-script 集成dns,whois,扫描端口,shodan,sqlmap辅助工具(后期决定删除改为帮助指南),自动化exploit工具 安装 apt-get install shodan pip install -r requirementstxt chmod +x Snowwolfsh 请自行安装python27环境 安装完成后运行即可 自动化漏洞利用为cve-exploitsh脚本,目前仅支持cve-2018-9995,cve-201

Toy-Box A toy box to save my python3 code toys Toys List RFC search RFC documents downloads tool zipPwn zip password crack tool SDscan sub-domain scan tool http_options_scan Dangerous HTTP options (PUT, MOVE) detection on the 80 or 443 port of the web server CVE-2018-9995_PoC Get TBK DVR uid and pwd CVE-2018-4407_PoC Crash iOS and OS X devices CVE-2015

项目简介 一个 Red Team 攻击的生命周期,整个生命周期包括: 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、在所有攻击结束之后清理并退出战场。 相关资源列表 mitre-attackgithubio/ mitre科技机构对

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Objective-C Objective-C++ Others PHP PLpgSQL Pascal Perl PostScri

项目简介 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、擦痕迹。 address | introduce | -|-|- 名字 | 介绍 | 安全相关资源列表 arxivorg 康奈尔大学(Cornell University)开放文档 githubcom/sindresorhus/awesome

项目简介 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、擦痕迹。 安全相关资源列表 arxivorg 康奈尔大学(Cornell University)开放文档 githubcom/sindresorhus/awesome awesome系列 wwwowasporgcn/owasp-pr

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds
BleepingComputer • Catalin Cimpanu • 02 May 2018

An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record.
The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month.
Fernandez discovered that by accessing  the  control panel of sp...