Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-9995 PoC — TBK DVR4104和DVR4216 安全漏洞

Source
https://github.com/0xDamian/CVE-2018-9995-rs
Associated Vulnerability
Title:TBK DVR4104和DVR4216 安全漏洞 (CVE-2018-9995)
Description:TBK DVR4104和DVR4216都是高清数字录像机设备。 TBK DVR4104和DVR4216中存在安全漏洞。远程攻击者可借助Cookie: uid=admin包头利用该漏洞绕过身份验证。
Description
POC of CVE-2018-9995 written in Rust.
Readme
## Overview

This repository contains a proof-of-concept (PoC) exploit implemented in Rust targeting CVE-2018-9995. The code is for research and educational purposes only.

## CVE Details

- Identifier: `CVE-2018-9995`
    
- Summary: Proof-of-concept exploit demonstrating the vulnerability (see public advisories for technical details).

## Requirements

- Rust toolchain (stable) — `rustc` and `cargo`.
    
- Linux or any platform supported by Rust.

## Usage

The repository is a PoC. Typical usage (example):

```bash
cargo run -- IP PORT
```

Eg:
```bash
cargo run -- 0.0.0.0 85
```

Defaults to port `80` if port isn't specified.


<img width="1367" height="769" alt="how-it-works" src="https://github.com/user-attachments/assets/1d293806-b937-493f-961b-f21af02f38ff" />

---

## Finding Vulnerable Devices

### Google Dork

```
intitle:"DVR Login"
```
<img width="1036" height="573" alt="googlePOC" src="https://github.com/user-attachments/assets/939995ea-0858-4d27-862b-464232dc193a" />

### Shodan (shodan.io)

```
"Server GNU rsp/1.0"
```
<img width="1347" height="599" alt="image" src="https://github.com/user-attachments/assets/12f2a968-e05c-4140-828a-56975a444bb1" />

### Zoomeye (zoomeye.ai)
```
"/login.rsp"
```
<img width="1200" height="594" alt="image" src="https://github.com/user-attachments/assets/94fe9d05-2114-4a2e-b33d-5709b2adab2a" />


## Watching Live Feeds

To watch live feeds from compromised CCTV cameras, you need a browser that supports ActiveX. 
All modern browsers have dropped support for ActiveX, so one of the few ways to watch live feeds is to use Internet Explorer.
You can either install a Windows 7 VM or use "IE Mode" in Edge on Windows 10/11.

<img width="1367" height="769" alt="image" src="https://github.com/user-attachments/assets/52c11891-c4ba-4480-bc57-36fcd8f02e76" />


---
## Credits

- Author: 0xDamian, [@damnsec1](https://x.com/damnsec1) on Twitter
    
- References: https://nvd.nist.gov/vuln/detail/cve-2018-9995 (CVE Database), https://github.com/ezelf/CVE-2018-9995_dvr_credentials (Python POC)
File Snapshot

 [4.0K]  /data/pocs/4980ca9afeaeb9186b75657b860dc2f97320669a
├── [ 37K]  Cargo.lock
├── [ 298]  Cargo.toml
├── [2.0K]  README.md
└── [4.0K]  src
    ├── [4.3K]  lib.rs
    └── [ 642]  main.rs

2 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.