Sign-up

ID

VAR-201804-1666


CVE

CVE-2018-9995


TITLE

TBK DVR4104 and DVR4216 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-004376

DESCRIPTION

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. TBK DVR4104 and DVR4216 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both the TBKDVR4104 and DVR4216 are high definition digital video recorder devices. There are security vulnerabilities in the TBKDVR4104 and DVR4216. A remote attacker can exploit this vulnerability to bypass authentication with the help of the Cookie:uid=admin header

Trust: 2.34

sources: NVD: CVE-2018-9995 // JVNDB: JVNDB-2018-004376 // CNVD: CNVD-2018-08885 // VULHUB: VHN-140027 // VULMON: CVE-2018-9995

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08885

AFFECTED PRODUCTS

vendor:tbkvisionmodel:tbk-dvr4104scope:eqversion: -

Trust: 1.6

vendor:tbkvisionmodel:tbk-dvr4216scope:eqversion: -

Trust: 1.6

vendor:tbkvisionmodel:tbk-dvr4104scope: - version: -

Trust: 0.8

vendor:tbkvisionmodel:tbk-dvr4216scope: - version: -

Trust: 0.8

vendor:tbkmodel:dvr4104 noscope: - version: -

Trust: 0.6

vendor:tbkmodel:dvr4216 noscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-08885 // JVNDB: JVNDB-2018-004376 // CNNVD: CNNVD-201804-454 // NVD: CVE-2018-9995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9995
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9995
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-08885
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201804-454
value: CRITICAL

Trust: 0.6

VULHUB: VHN-140027
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-9995
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9995
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-08885
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-140027
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9995
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08885 // VULHUB: VHN-140027 // VULMON: CVE-2018-9995 // JVNDB: JVNDB-2018-004376 // CNNVD: CNNVD-201804-454 // NVD: CVE-2018-9995

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-140027 // JVNDB: JVNDB-2018-004376 // NVD: CVE-2018-9995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-454

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201804-454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004376

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-140027 // 
            
            
            
            VULMON: CVE-2018-9995

PATCH
title:TBK-DVR4104url:http://tbkvision.com/producto/tbk-dvr4104/
Trust: 0.8
title:TBK-DVR4216url:http://tbkvision.com/producto/tbk-dvr4216/
Trust: 0.8
title:TBKDVR4104 and DVR4216 login bugs that bypass the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/128095
Trust: 0.6
title:getDVRurl:https://github.com/eFeDe3/getDVR 
Trust: 0.1
title:CVE-2018-9995_dvr_credentialsurl:https://github.com/IHA114/CVE-2018-9995_dvr_credentials 
Trust: 0.1
title:CVE-2018-9995-Exploiturl:https://github.com/kienquoc102/CVE-2018-9995-Exploit 
Trust: 0.1
title:Exploits-CVE-2018-9995url:https://github.com/kienquoc102/Exploits-CVE-2018-9995 
Trust: 0.1
title:rufboturl:https://github.com/rufbot/rufbot 
Trust: 0.1
title:Exploit-CVE-2018-9995url:https://github.com/kienquoc102/Exploit-CVE-2018-9995 
Trust: 0.1
title:CVE-2018-9995url:https://github.com/quocquoc181/CVE-2018-9995 
Trust: 0.1
title:CVE-2018-9995url:https://github.com/kienquoc102/CVE-2018-9995 
Trust: 0.1
title:CVE-2018-9995_dvr_credentialsurl:https://github.com/ezelf/CVE-2018-9995_dvr_credentials 
Trust: 0.1
title:CVE-2018-9995_dvr_credentialsurl:https://github.com/ABIZCHI/CVE-2018-9995_dvr_credentials 
Trust: 0.1
title:CVE-2018-9995-RMTesturl:https://github.com/quocquoc181/CVE-2018-9995-RMTest 
Trust: 0.1
title:https-github.com-fportantier-habuurl:https://github.com/vincentfer/https-github.com-fportantier-habu 
Trust: 0.1
title:cve-2018-9995url:https://github.com/shacojx/cve-2018-9995 
Trust: 0.1
title:CVE-2018-995-Remakeurl:https://github.com/kienquoc102/CVE-2018-995-Remake 
Trust: 0.1
title:CVE-2018-9995-POCurl:https://github.com/b510/CVE-2018-9995-POC 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08885 // 
            
            
            
            VULMON: CVE-2018-9995 // 
            
            
            
            JVNDB: JVNDB-2018-004376

EXTERNAL IDS
db:NVDid:CVE-2018-9995
Trust: 3.2
db:EXPLOIT-DBid:44577
Trust: 1.7
db:JVNDBid:JVNDB-2018-004376
Trust: 0.8
db:CNVDid:CNVD-2018-08885
Trust: 0.6
db:CNNVDid:CNNVD-201804-454
Trust: 0.6
db:PACKETSTORMid:147478
Trust: 0.1
db:SEEBUGid:SSVID-97260
Trust: 0.1
db:VULHUBid:VHN-140027
Trust: 0.1
db:VULMONid:CVE-2018-9995
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08885 // 
            
            
            
            VULHUB: VHN-140027 // 
            
            
            
            VULMON: CVE-2018-9995 // 
            
            
            
            JVNDB: JVNDB-2018-004376 // 
            
            
            
            CNNVD: CNNVD-201804-454 // 
            
            
            
            NVD: CVE-2018-9995

REFERENCES
url:https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/
Trust: 2.5
url:https://www.exploit-db.com/exploits/44577/
Trust: 1.7
url:http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html
Trust: 1.7
url:http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9995
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9995
Trust: 0.8
url:http://tbkvision.com/producto/tbk-dvr4104/
Trust: 0.6
url:https://github.com/ezelf/cve-2018-9995_dvr_credentials
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08885 // 
            
            
            
            VULHUB: VHN-140027 // 
            
            
            
            JVNDB: JVNDB-2018-004376 // 
            
            
            
            CNNVD: CNNVD-201804-454 // 
            
            
            
            NVD: CVE-2018-9995

SOURCES
db:CNVDid:CNVD-2018-08885
db:VULHUBid:VHN-140027
db:VULMONid:CVE-2018-9995
db:JVNDBid:JVNDB-2018-004376
db:CNNVDid:CNNVD-201804-454
db:NVDid:CVE-2018-9995

LAST UPDATE DATE
2024-08-14T15:39:18.787000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08885date:2018-05-04T00:00:00
db:VULHUBid:VHN-140027date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-9995date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-004376date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-454date:2019-10-23T00:00:00
db:NVDid:CVE-2018-9995date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08885date:2018-05-04T00:00:00
db:VULHUBid:VHN-140027date:2018-04-10T00:00:00
db:VULMONid:CVE-2018-9995date:2018-04-10T00:00:00
db:JVNDBid:JVNDB-2018-004376date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-454date:2018-04-11T00:00:00
db:NVDid:CVE-2018-9995date:2018-04-10T22:29:00.290