← voltar
CVE-2018-9995

CVE-2018-9995

EPSS 83.2%◆ VulnCheck KEV
Vexday Risk Score
90Corrigir agora
Decisão SSVC (CISA)
Act
Exploração + impacto → ação imediata
Maturidade do exploit
Arma pronta
PoC popular no GitHub (555 estrelas) — código de exploração amplamente disponível.
CVSS EPSS 83.2%KEV nãoPoC públicaNuclei simMetasploit Patch
Ciclo de vida
30 mar 2016PoC pública
10 abr 2018Publicada no NVD
Recomendação: Corrigir o quanto antes — há exploração ativa confirmada.
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Produtos afetados
n/a · n/a
PoCs públicas encontradas58
githubgithub.com/ezelf/CVE-2018-9995_dvr_credentials555githubgithub.com/Cyb0r9/DVR-Exploiter113githubgithub.com/0xDamian/CVE-2018-9995-rs97githubgithub.com/X3RX3SSec/DVR_Sploit11githubgithub.com/K3ysTr0K3R/CVE-2018-9995-EXPLOIT9githubgithub.com/kienquoc102/CVE-2018-9995-24githubgithub.com/zzh217/CVE-2018-9995_Batch_scanning_exp4githubgithub.com/wmasday/HTC3githubgithub.com/codeholic2k18/CVE-2018-99952githubgithub.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs2githubgithub.com/Huangkey/CVE-2018-9995_check2githubgithub.com/ST0PL/DVRFaultNET1githubgithub.com/awesome-consumer-iot/HTC1githubgithub.com/mesutozsoycom/cve-2018-99951githubgithub.com/Saeed22487/CVE-2018-99951githubgithub.com/MrAli-Code/CVE-2018-9995_dvr_credentials1githubgithub.com/b510/CVE-2018-9995-POC1githubgithub.com/arminarab1999/CVE-2018-99950githubgithub.com/ABIZCHI/CVE-2018-9995_dvr_credentials0githubgithub.com/likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool0githubgithub.com/dearpan/cve-2018-99950githubgithub.com/LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-99950githubgithub.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs0githubgithub.com/batmoshka55/CVE-2018-9995_dvr_credentials0githubgithub.com/dego905/Cam0githubgithub.com/A-Alabdoo/CVE-DVr0vulncheckvulncheck.com/xdb/7368119491d0não verificadovulncheckvulncheck.com/xdb/8b058986f896não verificadovulncheckvulncheck.com/xdb/2810d053aebenão verificadovulncheckvulncheck.com/xdb/756c2260045cnão verificadovulncheckvulncheck.com/xdb/603350887945não verificadovulncheckvulncheck.com/xdb/e4fb6b56ea43não verificadovulncheckvulncheck.com/xdb/d76ef67bb972não verificadoexploitdbwww.exploit-db.com/exploits/44577não verificadocve_referencewww.exploit-db.com/exploits/44577/não verificadovulncheckvulncheck.com/xdb/0bb1e6df735bnão verificadovulncheckvulncheck.com/xdb/5febaf1762ecnão verificadovulncheckvulncheck.com/xdb/f3881ccb1207não verificadovulncheckvulncheck.com/xdb/0e22848f3872não verificadovulncheckvulncheck.com/xdb/b91da9616aaanão verificadovulncheckvulncheck.com/xdb/dae161a6d981não verificadovulncheckvulncheck.com/xdb/7535982dc418não verificadovulncheckvulncheck.com/xdb/17d89816eb23não verificadovulncheckvulncheck.com/xdb/3d97c3fdd793não verificadovulncheckvulncheck.com/xdb/4a57e0a35093não verificadovulncheckvulncheck.com/xdb/3ff318fa745anão verificadovulncheckvulncheck.com/xdb/529a7cb5859anão verificadovulncheckvulncheck.com/xdb/41fff1110aeenão verificadovulncheckvulncheck.com/xdb/07eb5a6f90b8não verificadovulncheckvulncheck.com/xdb/bec8edb6b35cnão verificadovulncheckvulncheck.com/xdb/949b3e250e13não verificadovulncheckvulncheck.com/xdb/68e84da49d7dnão verificadovulncheckvulncheck.com/xdb/21e4191ff6f5não verificadovulncheckvulncheck.com/xdb/7eaf338f4f14não verificadovulncheckvulncheck.com/xdb/5dc52e1063aenão verificadovulncheckvulncheck.com/xdb/83ea1106c0fcnão verificadovulncheckvulncheck.com/xdb/afb0039313e2não verificadovulncheckvulncheck.com/xdb/02e5259eb5e5não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.