Vulnerabilities > CVE-2018-10676 - Unspecified vulnerability in Tbkvision Tbk-Dvr4104 Firmware and Tbk-Dvr4216 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tbkvision

critical

NVD

Published: 2018-05-02

Updated: 2019-10-03

Summary

CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI.

Vulnerable Configurations

Part	Description	Count
OS	Tbkvision Tbkvision TBK Dvr4216 Firmware - Tbkvision TBK Dvr4104 Firmware -	2
Hardware	Tbkvision Tbkvision TBK Dvr4216 - Tbkvision TBK Dvr4104 -	2

References

http://misteralfa-hack.blogspot.cl/2018/05/0day-dvr-multivendor.html