DVR.Cookie.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in DVR web interface.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this to bypass authentication and obtain administrative access.
Outbreak Alert
FortiGuard Labs observed "Critical" level of attack attempts to exploit an Authentication Bypass Vulnerability in TBK DVR devices (4104/4216) with upto more than 50,000+ unique IPS detections in the month of April 2023. The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds.
Affected Products
TBK DVR4104 and DVR4216 devices
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Currently, we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |