• Language chooser
    • USA (English)
    • France (Français)
    • Italy (Italiano)
    • Latin America (Español)
    • Brazil (Portugués)
    • Germany (Deutsch)
    • Korea (한국어)
    • Japan (Beta) (日本語)

Multiple Vendor Camera System Attack

Released: May 11, 2023


High Severity

IoT Platform

Other Vendor


Active attack attempts targeting vulnerable CCTV Cameras and DVR systems from multiple vendors such as Argus, Axis, MVPower and Vacron.

FortiGuard Labs observed actively targeted video surveillance systems which may be without any available patches. Some of the attack attempts were peaked to as much as 50,000 IPS devices in the month of April 2023. Learn More »

Common Vulnerabilities and Exposures

CVE-2018-15745
CVE-2018-10661
CVE-2018-10662
CVE-2016-20016

Background

Recently, Fortiguard Labs released an Outbreak Alert on TBK DVR systems which had critical level of attack attempts based on our IPS telemetry. We expanded our research on such attacks and have discovered other devices that are being actively targeted and may be without any vendor patch.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


1. CVE-2018-15745: Argus Surveillance DVR 4.0.0.0 Devices- The flaw allows Unauthenticated Directory Traversal leading to file disclosure.
2. CVE-2018-10661 and CVE-2018-10662: Multiple models of Axis IP Cameras- This flaw allows for bypass of Access Control and exposed Insecure Interface which attacker may exploit to gain system access.
3. CVE-2016-20016: MVPower CCTV DVR Models- A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"
4. Vacron NVR Remote Code Execution- Attack against a Command Injection vulnerability in VACRON Network Video Recorder. This vulnerability does not have any assigned CVE yet.


The active exploitation attempts of these surveillance systems mentioned are already protected by IPS signatures and Fortinet customers remain protected from such attacks. FortiGuard Labs further recommends organizations to review affected vendor models and review for any vendor patches where possible.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • IPS

DETECT
  • Outbreak Detection

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


Loading ...

Indicators of compromise Indicators of compromise
IOC Threat Activity

Last 30 days

Chg

Avg 0