Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)
Security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands five years ago, and it is still being exploited today. FortiGuard Labs has registered over 50,000 unique exploitation attempts in the past month. CVE-2018-9995 is an authentication bypass vulnerability that can be triggered with a maliciously crafted HTTP cookie sent to a vulnerable DVR device, which then sends back the device's admin credentials in clear text. The attacker can then access the DVR device and connected camera's live video feeds. The vulnerability was found in TBK Vision's DVR4104 and DVR4216 devices, which are also rebranded and sold under other names. FortiGuard Labs recommends organizations review their CCTV camera systems for vulnerable models, as they are not aware of any patches provided by the vendor. Users can protect their devices by limiting access to their DVR's management interface and allowing access only from specific IP addresses. Fortinet has also noticed a spike in attempted exploitation of another old command Injection vulnerability (CVE-2016-20016), which affects MVPower digital video recorders. CVEs: CVE-2018-9995, CVE-2016-20016 [View Article](https://www.helpnetsecurity.com/2023/05/03/cve-2018-9995-cve-2016-20016/)