Are you using a TBK digital video recording (DVR) device? If so, you should be aware of a critical vulnerability that has been actively exploited by threat actors for the past five years. The vulnerability, CVE-2018-9995, has a CVSS score of 9.8 and could allow remote attackers to bypass authentication and gain administrative privileges, potentially allowing them access to camera video feeds. Fortinet FortiGuard Labs issued an advisory on May 1, 2023, warning users of the danger posed by this unpatched flaw. Protect yourself and update your device now!
Fortinet has detected over 50,000 attempts to exploit TBK DVR devices since April 2023, and the vulnerability is still unpatched! Not only that, but these devices are also rebranded and sold under the names CeNova, DVR Login, HVR Login, MDVR Login, Night OWL, Novo, QSee, Pulnix, Securus, and XVR 5 in 1. Furthermore, Fortinet has also observed a surge in the exploitation of CVE-2016-20016 (CVSS score: 9.8), a critical vulnerability affecting MVPower CCTV DVR models, such as TV-7104HE 1.8.4 115215B9 and TV7108HE. This is a serious threat to network security, so make sure to stay vigilant and keep your devices up to date!
“It’s alarming to think that a remote, unauthenticated attacker could execute arbitrary operating system commands as root, thanks to the presence of a web shell that can be accessed through a /shell URI. With tens of thousands of TBK DVRs on the market, and publicly-available proof-of-concept code, this vulnerability is an easy target for malicious actors. Recent spikes in IPS detections indicate that network camera devices are still a popular target for attackers.”