Hacking Tool Gives Users Access to Feeds from Various DVR Brands
Last Wednesday, an Argentinian security researcher published a tool that can extract plaintext credentials for various DVR brands which attackers can use to gain access to those systems their video feeds.
Ezequiel Fernandez says that his getDVR_Credentials tool is a “proof-of-concept” for the CVE-2018-9995 vulnerability that affects DVR devices manufactured by TBK. However, Fernandez expanded his list to include other brands, with some selling rebranded TBK DVR4104 and 4216 models.
Using Shodan, a search engine used to find vulnerable devices, Fernandez showed that at least a few tens of thousands are affected by the issue around the world.
Source: Bleeping Computer