Security News > 2023 > May > Hackers exploit 5-year-old unpatched flaw in TBK DVR devices
Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR devices.
Fortinet's FortiGard Labs reports seeing an uptick in hacking attempts on TBK DVR devices recently, with the threat actors using a publicly available proof of concept exploit to target a vulnerability in the servers.
The exploit uses a maliciously crafted HTTP cookie, to which vulnerable TBK DVR devices respond with admin credentials in the form of JSON data.
The vulnerability impacts the TBK DVR4104 and TBK DVR4216 and rebrands of these models sold under the Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR brands.
According to Fortinet, as of April 2023, there were over 50,000 attempts to exploit TBK DVR devices using this flaw.
Another old flaw undergoing an exploitation "Outbreak" is CVE-2016-20016, a remote code execution vulnerability impacting MVPower TV-7104HE and TV-7108HE DVRs, allowing attackers to perform unauthenticated command execution using malicious HTTP requests.
News URL
Related news
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2016-20016 | Unspecified vulnerability in Mvpower Tv-7104He Firmware and Tv7108He Firmware MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. | 9.8 |