JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution

Description

This indicates an attack attempt to exploit a Command Injection vulnerability in MVPower digital video recorders.
The vulnerability is due to insufficient validation of user supplied inputs when processing HTTP requests. It may allow remote attackers to execute arbitrary system commands within the context of the application.

Outbreak Alert

FortiGuard Labs observed "Critical" level of attack attempts to exploit an Authentication Bypass Vulnerability in TBK DVR devices (4104/4216) with upto more than 50,000+ unique IPS detections in the month of April 2023. The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds.

View the full Outbreak Alert Report

FortiGuard Labs observed actively targeted video surveillance systems which may be without any available patches. Some of the attack attempts were peaked to as much as 50,000 IPS devices in the month of April 2023.

View the full Outbreak Alert Report

Affected Products

MVPower model TV-7104HE firmware version 1.8.4 115215B9

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue

References