Hackers reportedly target old surveillance camera security flaw. There is no reported patch for this very flaw. And the only available solution to it is to replace affected TBK DVRs.
Hackers Target Surveillance Camera
A half-a-decade-old vulnerability spotted in a host of digital video recording (DVR) devices has all of a sudden become interesting for threat actors to exploit yet again after a surge in observed attacks, researchers have now warned.
Cybersecurity researchers from Fortinet’s FortiGuard Labs have recently spotted an uptick in attacks that are targeting TBK DVRs making use of a publicly available proof-of-concept in a bid to exploit a vulnerability that is currently tracked as CVE-2018-9995. This is a vulnerability that was first discovered back in 2018, which lets remote attackers to bypass authentication and then gain access to the target network.
How the Security Flaw Works
In order to take advantage of the flaw, the threat actors in question would craft a malicious HTTP cookie, thus forcing the endpoint to respond with JSON data carrying admin credentials.
“A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges, eventually leading access to camera video feeds,” Fortinet states.
A host of devices are vulnerable to this flaw, it was stated, and this is including TBK DVR4104 and TBK DVR4216 as well as rebranded models dubbed Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR.
The researchers also said that by April 2023, hackers tried to access vulnerable devices over 50,000 times.
What the Researchers Think About the Flaw
“With tens of thousands of TBK DVRs available under different brands, publicly-available PoC code, and an easy-to-exploit makes this vulnerability an easy target for attackers,” the researchers stated. “The recent spike in IPS detections shows that network camera devices remain a popular target for attackers.”
The Solution to the Flaw
The worst part of the whole thing is that there is no patch in addressing this main issue. The only way forward in regards to staying safe is to replace the system directly with a newer and actively supported device. These very types of DVRs are mostly used by banks, public sector firms, and other smaller and similar businesses as part of the solution to their security surveillance.
MORE RELATED POSTS