漏洞描述
此漏洞允许攻击者通过修改Cookie之后访问特定 DVR 的控制面板,返回此设备的明文管理员凭证。
DVR信息泄露(CVE-2018-9995)
PoC代码
暂无相关漏洞推荐
-
CVE-2018-9995: DVR Authentication Bypass POC
2025-09-01 | DVRDVR,全称为Digital Video Recorder(硬盘录像机),即数字视频录像机。最初由阿根廷研究员发现,通过使用“Cookie: uid = admin”的Cookie标头来访问特定DVR... -
avtech-dvr-exposure: Avtech AVC798HA DVR Information Exposure POC
2025-09-01 | Avtech DVRUnder the /cgi-bin/nobody folder every CGI script can be accessed without authentication. app="... -
CVE-2018-15745: Argus Surveillance DVR 4.0.0.0 - Local File Inclusion POC
2025-08-01 | Argus Surveillance DVRArgus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file d... -
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...