Home SECURITY An unpatched 5-year-old vulnerability is actively used to hack banks’ video cameras

An unpatched 5-year-old vulnerability is actively used to hack banks’ video cameras

0
An unpatched 5-year-old vulnerability is actively used to hack banks’ video cameras

[ad_1]

An unpatched 5-year-old vulnerability is actively used to hack banks’ video cameras

2 critical vulnerabilities are still unpatched and have been exploited over 50,000 times.

FortiGard Labs specialists Fortinet warn that hackers are actively exploiting the unpatched 2018 authentication bypass vulnerability in unsecured TBK DVR (digital video recording) devices.

DVRs are an integral part of CCTV systems as they record and store video from cameras. In our case, TBK Vision products are used in banks, government organizations, retailers, etc.

Since DVR servers are used to store sensitive video recordings, they are usually located on internal networks to prevent unauthorized access to the recorded video. Unfortunately, this makes them attractive to attackers who can use the servers to initially access corporate networks and steal data.

Fortinet experts have recently seen a surge in attempts to hack into TBK DVR devices, with cybercriminals using public PoC exploit to detect vulnerabilities on servers.



Exploitation spike CVE-2018-9995

Critical Vulnerability CVE-2018-9995 (CVSS: 9.8) allows attackers bypass authentication on the device and access the vulnerable network.

The exploit uses a specially crafted cookieAn HTTP file to which vulnerable TBK DVR devices respond with administrator credentials in the form of JSON data, which will eventually allow a hacker with administrative privileges to gain access to video streams from cameras.

The vulnerability affects TBK DVR4104 and TBK DVR4216, as well as the rebranding of these models sold under the brands Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login and MDVR.

As of April 2023, there have been over 50,000 attempts to compromise TBK DVR devices using this vulnerability, according to Fortinet. Fortinet is not aware of a security update to resolve CVE-2018-9995, so it is recommended that affected surveillance systems be replaced with new and actively maintained models or isolated from the Internet to prevent unauthorized access.

There is also another vulnerability that is experiencing an increase in exploitation. critical RCE-vulnerability CVE-2016-20016 (CVSS: 9.8) affects MVPower TV-7104HE and TV-7108HE DVRs and allows an unauthorized attacker to execute commands using malicious HTTP requests.



Operation statistics CVE-2016-20016

This vulnerability has been actively exploited since 2017, but recently Fortinet noticed signs of an increase in malicious activity. In this case, the manufacturer also did not release a fix for the vulnerability.

[ad_2]

Source link

www.securitylab.ru

LEAVE A REPLY

Please enter your comment!
Please enter your name here