CVE-2018-9995
CVE-2018-9995
Vexday Risk Score
90Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Weaponized
Popular PoC on GitHub (555 stars) — exploitation code widely available.
CVSS —EPSS 83.2%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
30 Mar 2016Public PoC
10 Apr 2018Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Affected products
n/a · n/apublic PoCs found — 58
githubgithub.com/ezelf/CVE-2018-9995_dvr_credentials★ 555githubgithub.com/Cyb0r9/DVR-Exploiter★ 113githubgithub.com/0xDamian/CVE-2018-9995-rs★ 97githubgithub.com/X3RX3SSec/DVR_Sploit★ 11githubgithub.com/K3ysTr0K3R/CVE-2018-9995-EXPLOIT★ 9githubgithub.com/kienquoc102/CVE-2018-9995-2★ 4githubgithub.com/zzh217/CVE-2018-9995_Batch_scanning_exp★ 4githubgithub.com/wmasday/HTC★ 3githubgithub.com/codeholic2k18/CVE-2018-9995★ 2githubgithub.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs★ 2githubgithub.com/Huangkey/CVE-2018-9995_check★ 2githubgithub.com/ST0PL/DVRFaultNET★ 1githubgithub.com/awesome-consumer-iot/HTC★ 1githubgithub.com/mesutozsoycom/cve-2018-9995★ 1githubgithub.com/Saeed22487/CVE-2018-9995★ 1githubgithub.com/MrAli-Code/CVE-2018-9995_dvr_credentials★ 1githubgithub.com/b510/CVE-2018-9995-POC★ 1githubgithub.com/arminarab1999/CVE-2018-9995★ 0githubgithub.com/ABIZCHI/CVE-2018-9995_dvr_credentials★ 0githubgithub.com/likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool★ 0githubgithub.com/dearpan/cve-2018-9995★ 0githubgithub.com/LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-9995★ 0githubgithub.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs★ 0githubgithub.com/batmoshka55/CVE-2018-9995_dvr_credentials★ 0githubgithub.com/dego905/Cam★ 0githubgithub.com/A-Alabdoo/CVE-DVr★ 0vulncheckvulncheck.com/xdb/7368119491d0unverifiedvulncheckvulncheck.com/xdb/8b058986f896unverifiedvulncheckvulncheck.com/xdb/2810d053aebeunverifiedvulncheckvulncheck.com/xdb/756c2260045cunverifiedvulncheckvulncheck.com/xdb/603350887945unverifiedvulncheckvulncheck.com/xdb/e4fb6b56ea43unverifiedvulncheckvulncheck.com/xdb/d76ef67bb972unverifiedexploitdbwww.exploit-db.com/exploits/44577unverifiedcve_referencewww.exploit-db.com/exploits/44577/unverifiedvulncheckvulncheck.com/xdb/0bb1e6df735bunverifiedvulncheckvulncheck.com/xdb/5febaf1762ecunverifiedvulncheckvulncheck.com/xdb/f3881ccb1207unverifiedvulncheckvulncheck.com/xdb/0e22848f3872unverifiedvulncheckvulncheck.com/xdb/b91da9616aaaunverifiedvulncheckvulncheck.com/xdb/dae161a6d981unverifiedvulncheckvulncheck.com/xdb/7535982dc418unverifiedvulncheckvulncheck.com/xdb/17d89816eb23unverifiedvulncheckvulncheck.com/xdb/3d97c3fdd793unverifiedvulncheckvulncheck.com/xdb/4a57e0a35093unverifiedvulncheckvulncheck.com/xdb/3ff318fa745aunverifiedvulncheckvulncheck.com/xdb/529a7cb5859aunverifiedvulncheckvulncheck.com/xdb/41fff1110aeeunverifiedvulncheckvulncheck.com/xdb/07eb5a6f90b8unverifiedvulncheckvulncheck.com/xdb/bec8edb6b35cunverifiedvulncheckvulncheck.com/xdb/949b3e250e13unverifiedvulncheckvulncheck.com/xdb/68e84da49d7dunverifiedvulncheckvulncheck.com/xdb/21e4191ff6f5unverifiedvulncheckvulncheck.com/xdb/7eaf338f4f14unverifiedvulncheckvulncheck.com/xdb/5dc52e1063aeunverifiedvulncheckvulncheck.com/xdb/83ea1106c0fcunverifiedvulncheckvulncheck.com/xdb/afb0039313e2unverifiedvulncheckvulncheck.com/xdb/02e5259eb5e5unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.htmlhttp://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.htmlhttps://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/https://www.exploit-db.com/exploits/44577/