FortiGuard Labs has recently observed a detection spike in DVR Authentication Bypass Vulnerability (CVE-2018-9995). This indicates that attackers tried to exploit the vulnerability potentially resulting in attackers gaining unauthorized access to vulnerable DVR devices.Why is this Significant?This is significant because FortiGuard Labs has recently observed increased exploit attempts for unpatched TBK DVR4104 and DVR4216 Digital Video Recorder (DVR) devices as well as rebranded devices. Proof-of-Concept (PoC) code is readily available, and the vulnerability is trivial to exploit.What is CVE-2018-9995?CVE-2018-9995 is an authentication bypass vulnerability that affects DVR4104 and DVR4216 manufactured by TBK and their rebranded devices. The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this to bypass authentication and obtain administrative access.CVE-2018-9995 has a CVSS basic score of 9.8 and is rated critical by NIST.Has the Vendor Released an Advisory for CVE-2018-9995?FortiGuard Labs is not aware of a vendor advisory.Has the Vendor Released a Patch for CVE-2018-9995?FortiGuard Labs is not aware of a vendor patch for CVE-2018-9995.What is the Status of Protection?FortiGuard Labs has the following IPS signature in place for CVE-2018-9995:DVR.Cookie.Authentication.BypassAny Suggested Mitigation?Configure DVR’s management interface to be accessible only from trusted IPs.
Detection Spike Observed for DVR Authentication Bypass Vulnerability (CVE-2018-9995)
Read Time:1 Minute, 11 Second