This repository addresses the security vulnerability identified as CVE-2018-9995, affecting various DVR devices, including TBK DVR4104, DVR4216, Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login. These devices are re-branded versions of the original TBK DVR4104 and DVR4216 series. This vulnerability allows remote attackers to bypass authentication, posing a significant security risk.
The vulnerability stems from an authentication bypass mechanism, wherein a remote attacker can exploit a "Cookie: uid=admin" header. This header manipulation enables unauthorized access to the device's functionalities. A concrete example of this vulnerability can be observed in the "device.rsp?opt=user&cmd=list" request. The response to this request includes JSON data that inadvertently exposes sensitive credentials.
Attackers can leverage the "Cookie: uid=admin" header to gain unauthorized access to the affected devices. By issuing a crafted request, such as "device.rsp?opt=user&cmd=list," attackers can retrieve critical information contained within the JSON response, effectively bypassing the authentication process.
Included within this repository is a proof of concept (PoC) demonstrating the vulnerability. The PoC illustrates the steps to reproduce the authentication bypass using the identified exploit. It serves as a clear demonstration of the security concern and underscores the urgency of addressing this issue.
To mitigate the risk posed by CVE-2018-9995, it is recommended to apply the necessary security patches provided by the device manufacturers. Additionally, users should consider implementing network security measures, such as access control lists and firewalls, to restrict unauthorized access to vulnerable devices. Disclaimer
This repository and its content are intended for educational and informational purposes only. The PoC and vulnerability description are provided to raise awareness about the security issue. I am not responsible for any misuse or illegal activities conducted with this information.
For more details, refer to the original CVE documentation: CVE-2018-9995.
Please act responsibly and ethically when handling this information.
