Hackers attack a long-standing security hole in CCTV cameras

There is no patch, thus the only option is to replace the TBK DVRs that are infected.

Researchers have warned that a vulnerability that has been present in some digital video recording (DVR) devices for half a decade has unexpectedly resurfaced as an attractive target for threat actors. 

A rise in attacks on TBK DVRs using a publicly accessible proof-of-concept to exploit the CVE-2018-9995 vulnerability has been seen by Fortinet's FortiGuard Labs. Due to a vulnerability that was first identified in 2018, remote attackers are now able to access the target network by avoiding authentication. 

Threat actors would create a malicious HTTP cookie to take advantage of the vulnerability, forcing the endpoint to respond with JSON data including admin credentials. 

numerous impacted devices

"A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges, eventually leading to access to camera video feeds," Fortinet warns.

According to the researchers, over 50,000 attempts to hack into susceptible devices will have been made by April 2023. 

The researchers stated that the fact that there are tens of thousands of TBK DVRs accessible under various brands, publicly available PoC code, and an easy-to-exploit make this vulnerability an easy target for attackers. The recent increase in IPS detections demonstrates that attackers continue to favour network camera equipment as a target.

The worst aspect is that there isn't a patch available to fix the problem. The only way to be safe is to switch to a more recent, actively maintained system. 

Banks, government agencies, and other similar businesses frequently employ these sorts of DVRs as a component of their security surveillance(opens in new tab) solution.

source url