Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Fortinet warns of a spike in attacks against TBK DVR devices

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK […]

TBK DVR

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices.

FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.

The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker can trigger the flaw to obtain administrative privileges and eventually gain access to camera video feeds.

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities.

According to the company, they have over 600,000 Cameras and 50,000 Recorders installed all over the world in multiple sectors such as Banking, Retail, Government, etc.

The NIST also warns that some models sold by the company, such as TBK DVR4104 and DVR4216 devices, are also rebranded and available on the market with the bands like Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR.

“FortiGuard Labs observed “Critical” level of attack attempts to exploit an Authentication Bypass Vulnerability in TBK DVR devices (4104/4216) with upto more than 50,000+ unique IPS detections in the month of April 2023.” reads the advisory published by Fortinet.

In an update provided by Fortinet on May 1, 2023, the company states that tens of thousands of TBK DVRs available under different brands could be easily exploitable due to the public availability of PoC code. The company pointed out that the issue is easy-to-exploit.

At this time, the vendor has yet to release security patches to address the flaw.

In April 2018, security researcher Fernandez Ezequiel published proof-of-concept (PoC) code for this vulnerability.

Fortinet also warns of a spike in exploitation attempts targeting the CVE-2016-20016 (CVSS score of 9.8) in MVPower CCTV DVR models.

“Another notable spike to mention is IPS detections related to MVPower CCTV DVR models (CVE-2016-20016) also known as JAWS webserver RCE. Previously seen to be exploited in the wild through 2017 and on-going.” continues the advisory.

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TBK DVR)