virus logo Intrusion Prevention

DVR.Cookie.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in DVR web interface.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this to bypass authentication and obtain administrative access.

description-logoOutbreak Alert

FortiGuard Labs observed "Critical" level of attack attempts to exploit an Authentication Bypass Vulnerability in TBK DVR devices (4104/4216) with upto more than 50,000+ unique IPS detections in the month of April 2023. The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds.

View the full Outbreak Alert Report

affected-products-logoAffected Products

TBK DVR4104 and DVR4216 devices

Impact logoImpact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

recomended-action-logoRecommended Actions

Currently, we are unaware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://github.com/ezelf/CVE-2018-9995_dvr_credentials 44577
ID 45993
Created May 10, 2018
Updated May 22, 2018
Outbreak Alert TBK DVR Attack
Threat Signal View Report
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2018-9995
Exploit Prediction Score 90.29%
Default Action drop
Active
Affected OS Other
Affected App Other