This indicates an attack attempt to exploit a Command Injection vulnerability in MVPower digital video recorders.
The vulnerability is due to insufficient validation of user supplied inputs when processing HTTP requests. It may allow remote attackers to execute arbitrary system commands within the context of the application.

description-logoOutbreak Alert

FortiGuard Labs observed "Critical" level of attack attempts to exploit an Authentication Bypass Vulnerability in TBK DVR devices (4104/4216) with upto more than 50,000+ unique IPS detections in the month of April 2023. The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds.

View the full Outbreak Alert Report

FortiGuard Labs observed actively targeted video surveillance systems which may be without any available patches. Some of the attack attempts were peaked to as much as 50,000 IPS devices in the month of April 2023.

View the full Outbreak Alert Report

affected-products-logoAffected Products

MVPower model TV-7104HE firmware version 1.8.4 115215B9

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-06-18 15.867 Sig Added
2019-08-02 14.664 Sig Added
2019-06-07 14.628 Sig Added