Hacking Tool Gives Users Access to Feeds from Various DVR Brands

Last Wednesday, an Argentinian security researcher published a tool that can extract plaintext credentials for various DVR brands which attackers can use to gain access to those systems their video feeds.

Ezequiel Fernandez says that his getDVR_Credentials tool is a “proof-of-concept” for the CVE-2018-9995 vulnerability that affects DVR devices manufactured by TBK. However, Fernandez expanded his list to include other brands, with some selling rebranded TBK DVR4104 and 4216 models.

Using Shodan, a search engine used to find vulnerable devices, Fernandez showed that at least a few tens of thousands are affected by the issue around the world.

Source: Bleeping Computer

Post a Comment