IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004


CVE-2018-9995

Description

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

POC

Reference

- https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/

- https://www.exploit-db.com/exploits/44577/

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0ps/pocassistdb

- https://github.com/0xT11/CVE-POC

- https://github.com/1o24er/RedTeam

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/sectool

- https://github.com/A-Alabdoo/CVE-DVr

- https://github.com/ABIZCHI/CVE-2018-9995_dvr_credentials

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Al1ex/Red-Team

- https://github.com/Apri1y/Red-Team-links

- https://github.com/Aquilao/Toy-Box

- https://github.com/ArrestX/--POC

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Carlos5F5/DVR-VulnScanner

- https://github.com/CriptonDario/DVR-camaras-de-seguridad

- https://github.com/Cyb0r9/DVR-Exploiter

- https://github.com/DOCKTYPe19/CVE-2018-9995

- https://github.com/Echocipher/Resource-list

- https://github.com/Fabri15544/Tron-Search

- https://github.com/GhostTroops/TOP

- https://github.com/HaroldTaylono/motor

- https://github.com/Huangkey/CVE-2018-9995_check

- https://github.com/IHA114/CVE-2018-9995_dvr_credentials

- https://github.com/JERRY123S/all-poc

- https://github.com/K3ysTr0K3R/CVE-2018-9995-EXPLOIT

- https://github.com/K3ysTr0K3R/K3ysTr0K3R

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-9995

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/MrAli-Code/CVE-2018-9995_dvr_credentials

- https://github.com/MrScytheLULZ/IdkLuLz-Python-

- https://github.com/Ondrik8/RED-Team

- https://github.com/Pab450/CVE-2018-9995

- https://github.com/PinesPoet/SDCE

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/ST0PL/DVRFaultNET

- https://github.com/Saeed22487/CVE-2018-9995

- https://github.com/Satcomx00-x00/Camera-CamSploit

- https://github.com/SexyBeast233/SecBooks

- https://github.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs

- https://github.com/Threekiii/Awesome-POC

- https://github.com/X3RX3SSec/DVR_Sploit

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Zackmk1975/CVE

- https://github.com/alexandrac1420/Explotaci-n_Vulnerabilidades_IoT

- https://github.com/arminarab1999/CVE-2018-9995

- https://github.com/awesome-consumer-iot/HTC

- https://github.com/b510/CVE-2018-9995-POC

- https://github.com/batmoshka55/CVE-2018-9995_dvr_credentials

- https://github.com/bigblackhat/oFx

- https://github.com/carlos-fernando-yanquee-94/DVR_Exploiter-master-clon

- https://github.com/codeholic2k18/CVE-2018-9995

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/dearpan/cve-2018-9995

- https://github.com/dego905/Cam

- https://github.com/dino213dz/cameraDVRTester

- https://github.com/dk47os3r/hongduiziliao

- https://github.com/eriinline/awine

- https://github.com/ezelf/CVE-2018-9995_dvr_credentials

- https://github.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs

- https://github.com/hasee2018/Safety-net-information

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/hktalent/TOP

- https://github.com/hoaan1995/CVE-2018-9995

- https://github.com/hudunkey/Red-Team-links

- https://github.com/its-anya/DVR_Credential_Scanner

- https://github.com/jameseyes/DVRC

- https://github.com/jbmihoub/all-poc

- https://github.com/john-80/-007

- https://github.com/jweny/pocassistdb

- https://github.com/kienquoc102/CVE-2018-9995-2

- https://github.com/landscape2024/RedTeam

- https://github.com/likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool

- https://github.com/lnick2023/nicenice

- https://github.com/lp008/Hack-readme

- https://github.com/maxpowersi/CamSploit

- https://github.com/n0-traces/cve_monitor

- https://github.com/netsecfish/tbk_dvr_command_injection

- https://github.com/nobiusmallyu/kehai

- https://github.com/openx-org/BLEN

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/rufbot/rufbot

- https://github.com/shacojx/cve-2018-9995

- https://github.com/sjomurodov/getDVR

- https://github.com/slimdaddy/RedTeam

- https://github.com/svbjdbk123/-

- https://github.com/tausifzaman/cctv-hack

- https://github.com/thaipc2021/camera

- https://github.com/twensoo/PersistentThreat

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/withmasday/HTC

- https://github.com/wj158/snowwolf-script

- https://github.com/wmasday/HTC

- https://github.com/wr0x00/Lizard

- https://github.com/wr0x00/Lsploit

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xiaoZ-hc/redtool

- https://github.com/yut0u/RedTeam-BlackBox

- https://github.com/zzh217/CVE-2018-9995_Batch_scanning_exp