KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2018-9995

PUBLISHED

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which...

Exploited in the wild PoC available Remote Low complexity No user interaction
Vendor
TBK
Product
DVR4104, DVR4216
Published
Apr 10, 2018
EPSS

Description

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

nuclei_scanner

CVSS scores

CVSS v3.0 9.8 Critical

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2025-04-23 00:00:00 UTC · Source

Proof of concept available

Recorded 2018-04-29 20:00:06 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) Apr 28, 2025

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-9995.yaml Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

batmoshka55/CVE-2018-9995_dvr_credentials

github · Created 2024-05-09 09:03:42 UTC · 0 stars

arminarab1999/CVE-2018-9995

github · Created 2024-02-09 12:16:26 UTC · 0 stars

Pab450/CVE-2018-9995

github · Created 2023-09-24 17:00:37 UTC · 4 stars

CVE-2018-9995 Exploit Tool for Python3

K3ysTr0K3R/CVE-2018-9995-EXPLOIT

github · Created 2023-08-18 19:42:17 UTC · 7 stars

A PoC exploit for CVE-2018-9995 - DVR Authentication Bypass

LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-9995

github · Created 2022-02-18 03:17:31 UTC · 0 stars

kienquoc102/CVE-2018-9995-2

github · Created 2021-06-07 05:57:43 UTC · 4 stars

Saeed22487/CVE-2018-9995

github · Created 2021-03-30 14:27:54 UTC · 1 stars

CVE-2018-9995 هک دوربین مداربسته با آسیب پذیری

b510/CVE-2018-9995-POC

github · Created 2019-12-16 12:05:41 UTC · 1 stars

CVE-2018-9995 POC

likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool

github · Created 2019-09-05 14:45:16 UTC · 0 stars

webcam bug (python)

MrAli-Code/CVE-2018-9995_dvr_credentials

github · Created 2019-06-16 11:18:00 UTC · 1 stars

ABIZCHI/CVE-2018-9995_dvr_credentials

github · Created 2019-05-28 01:05:16 UTC · 0 stars

TateYdq/CVE-2018-9995-ModifiedByGwolfs

github · Created 2019-04-20 08:28:47 UTC · 0 stars

codeholic2k18/CVE-2018-9995

github · Created 2019-01-28 00:16:48 UTC · 1 stars

DVR username password recovery.

gwolfs/CVE-2018-9995-ModifiedByGwolfs

github · Created 2018-05-11 07:05:37 UTC · 2 stars

Huangkey/CVE-2018-9995_check

github · Created 2018-05-09 00:43:24 UTC · 2 stars

DVR系列摄像头批量检测

zzh217/CVE-2018-9995_Batch_scanning_exp

github · Created 2018-05-08 12:07:26 UTC · 4 stars

CVE-2018-9995_Batch_scanning_exp

ezelf/CVE-2018-9995_dvr_credentials

github · Created 2018-04-29 20:00:06 UTC · 536 stars

(CVE-2018-9995) Get DVR Credentials

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel