JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution
Description
This indicates an attack attempt to exploit a Command Injection vulnerability in MVPower digital video recorders.
The vulnerability is due to insufficient validation of user-supplied input when processing HTTP requests. It may allow remote attackers to execute arbitrary system commands within the context of the application.
Outbreak Alert
FortiGuard Labs observed a "Critical" level of attack attempts to exploit an Authentication Bypass Vulnerability in TBK DVR devices (4104/4216), with more than 50,000 unique IPS detections in the month of April 2023. The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges, eventually leading to access to camera video feeds.
FortiGuard Labs observed active targeting of video surveillance systems that may be without any available patches. Attack attempts peaked at as many as 50,000 IPS devices in the month of April 2023.
Affected Products
MVPower model TV-7104HE firmware version 1.8.4 115215B9
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor-supplied patch for this issue.
Coverage
IPS (Regular DB)
IPS (Extended DB)