I. CVE-2018-9995 Basic Information
Vulnerability Information
# N/A

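## Vulnerability Overview
TBK DVR4104 and DVR4216 devices, and several rebranded versions of them (such as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login and MDVR Login), contain a vulnerability that allows a remote attacker to bypass authentication by sending a request with a "Cookie: uid=admin" header.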

## Affected Versions
- TBK DVR4104
- TBK DVR4216
- Novo
- CeNova
- QSee
- Pulnix
- XVR 5 in 1
- Securus
- Night OWL
- DVR Login
- HVR Login
- MDVR Login

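## Vulnerability Details
Sending an affected device a request that carries a "Cookie: uid=admin" header, for example `device.rsp?opt=user&cmd=list`, returns credentials contained in JSON data. This allows an attacker to authenticate without valid credentials.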

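## Impact
By exploiting this vulnerability, a remote attacker can bypass authentication, obtain sensitive credentials and access the device without authorization.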
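Vulnerability Title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
TBK DVR4104 and DVR4216 security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
TBK DVR4104 and DVR4216 are both high-definition digital video recorder devices. A security vulnerability exists in TBK DVR4104 and DVR4216. A remote attacker can exploit it to bypass authentication by means of a Cookie: uid=admin header.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Category
Trust management issue
Source: China National Vulnerability Database of Information Security (CNNVD)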
II. Public PoCs for CVE-2018-9995

| # | PoC description | Source link |
|---|---|---|
| 1 | (CVE-2018-9995) Get DVR Credentials | https://github.com/ezelf/CVE-2018-9995_dvr_credentials |
| 2 | CVE-2018-9995_Batch_scanning_exp | https://github.com/zzh217/CVE-2018-9995_Batch_scanning_exp |
| 3 | Batch detection for DVR-series cameras | https://github.com/Huangkey/CVE-2018-9995_check |
| 4 | None | https://github.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs |
| 5 | exploit camera with vuln cve-2018-9995 ( Novo, CeNova, QSee, Pulnix, XVR 5 in 1 (title: "XVR Login"), Securus, - Security. Never Compromise !! - Night OWL, DVR Login, HVR Login, MDVR Login ) | https://github.com/shacojx/cve-2018-9995 |
| 6 | DVR-Exploiter a Bash Script Program Exploit The DVR's Based on CVE-2018-9995 | https://github.com/Cyb0r9/DVR-Exploiter |
| 7 | DVR username password recovery. | https://github.com/codeholic2k18/CVE-2018-9995 |
| 8 | None | https://github.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs |
| 9 | None | https://github.com/ABIZCHI/CVE-2018-9995_dvr_credentials |
| 10 | None | https://github.com/IHA114/CVE-2018-9995_dvr_credentials |
| 11 | webcam bug (python) | https://github.com/likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool |
| 12 | CVE-2018-9995 POC | https://github.com/b510/CVE-2018-9995-POC |
| 13 | Hack The CCTV \| DVRs; Credentials Exposed \| CVE-2018-9995 | https://github.com/withmasday/HTC |
| 14 | Hack The CCTV \| DVRs; Credentials Exposed \| CVE-2018-9995 | https://github.com/awesome-consumer-iot/HTC |
| 15 | Hacking CCTV cameras with the CVE-2018-9995 vulnerability | https://github.com/Saeed22487/CVE-2018-9995 |
| 16 | None | https://github.com/kienquoc102/CVE-2018-9995-2 |
| 17 | None | https://github.com/dearpan/cve-2018-9995 |
| 18 | None | https://github.com/LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-9995 |
| 19 | None | https://github.com/hoaan1995/CVE-2018-9995 |
| 20 | .NET console application that exploits CVE-2018-9995 vulnerability | https://github.com/ST0PL/DVRFaultNET |
| 21 | A PoC exploit for CVE-2018-9995 - DVR Authentication Bypass | https://github.com/K3ysTr0K3R/CVE-2018-9995-EXPLOIT |
| 22 | CVE-2018-9995 Exploit Tool for Python3 | https://github.com/Pab450/CVE-2018-9995 |
| 23 | None | https://github.com/MrAli-Code/CVE-2018-9995_dvr_credentials |
| 24 | None | https://github.com/arminarab1999/CVE-2018-9995 |
| 25 | None | https://github.com/DOCKTYPe19/CVE-2018-9995 |
| 26 | Simple python3 script to automate CVE-2018-9995 | https://github.com/X3RX3SSec/DVR_Sploit |
| 27 | None | https://github.com/batmoshka55/CVE-2018-9995_dvr_credentials |
| 28 | This script was created to show DVR users, VULNERABILITY (CVE-2018-9995) | https://github.com/dego905/Cam |
| 29 | Hack The CCTV \| DVRs; Credentials Exposed \| CVE-2018-9995 | https://github.com/wmasday/HTC |
| 30 | CVE-2018-9995 | https://github.com/A-Alabdoo/CVE-DVr |
| 31 | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-9995.yaml |
| 32 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/DVR%20%E7%99%BB%E5%BD%95%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2018-9995.md |
III. Intelligence Information for CVE-2018-9995