Security News > 2023 > May > Hackers exploit 5-year-old unpatched flaw in TBK DVR devices
Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR devices.
Fortinet's FortiGard Labs reports seeing an uptick in hacking attempts on TBK DVR devices recently, with the threat actors using a publicly available proof of concept exploit to target a vulnerability in the servers.
The exploit uses a maliciously crafted HTTP cookie, to which vulnerable TBK DVR devices respond with admin credentials in the form of JSON data.
The vulnerability impacts the TBK DVR4104 and TBK DVR4216 and rebrands of these models sold under the Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR brands.
According to Fortinet, as of April 2023, there were over 50,000 attempts to exploit TBK DVR devices using this flaw.
Another old flaw undergoing an exploitation "Outbreak" is CVE-2016-20016, a remote code execution vulnerability impacting MVPower TV-7104HE and TV-7108HE DVRs, allowing attackers to perform unauthenticated command execution using malicious HTTP requests.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2016-20016 | Unspecified vulnerability in Mvpower Tv-7104He Firmware and Tv7108He Firmware MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. | 9.8 |