Security News > 2023 > May > Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices
2023-05-02 15:13

Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR devices.

Fortinet's FortiGard Labs reports seeing an uptick in hacking attempts on TBK DVR devices recently, with the threat actors using a publicly available proof of concept exploit to target a vulnerability in the servers.

The exploit uses a maliciously crafted HTTP cookie, to which vulnerable TBK DVR devices respond with admin credentials in the form of JSON data.

The vulnerability impacts the TBK DVR4104 and TBK DVR4216 and rebrands of these models sold under the Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR brands.

According to Fortinet, as of April 2023, there were over 50,000 attempts to exploit TBK DVR devices using this flaw.

Another old flaw undergoing an exploitation "Outbreak" is CVE-2016-20016, a remote code execution vulnerability impacting MVPower TV-7104HE and TV-7108HE DVRs, allowing attackers to perform unauthenticated command execution using malicious HTTP requests.


News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-5-year-old-unpatched-flaw-in-tbk-dvr-devices/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-10-19 CVE-2016-20016 Unspecified vulnerability in Mvpower Tv-7104He Firmware and Tv7108He Firmware
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI.
network
low complexity
mvpower
critical
9.8