Threat actors target critical TBK digital video recording system vulnerability

Target Industry

TBK Vision products are deployed in the following industry sectors:

– Financial

– Government

– Retail

Overview

Threat actors are actively exploiting an unpatched authentication bypass vulnerability in TBK digital video recording (DVR) systems, tracked as CVE-2018-9995 (CVSSv3 Score: 9.8 – Critical). According to recent reporting, there have been more than 50,000 attempts to exploit vulnerable TBK DVR systems.

Proof-of-Concept (PoC) exploit code has been released for the vulnerability in the affected servers. The exploit uses a maliciously crafted HTTP cookie, and vulnerable systems respond with administrator credentials in the form of JSON data.

Impact

Successful exploitation of CVE-2018-9995 allows threat actors to bypass authentication on the target system and obtain administrative privileges, ultimately leading to access to camera video feeds.

Affected Products

– TBK DVR4104 and TBK DVR4216 systems

Containment, Mitigations & Remediations

At the time of writing, a security update has not been released for this vulnerability. It is therefore strongly recommended that users replace vulnerable systems with supported models or isolate them from the internet to prevent unauthorised access.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are currently available.
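
In the absence of published IoCs, one behavioural check follows from the Overview: flag HTTP responses from DVR hosts whose JSON body carries credential fields. The following is an added example, not part of the original bulletin or of any vendor tooling; the JSON-lines log format, its field names, the DVR inventory, the address ranges and the password-like key names are all assumptions, and the sample records are constructed.

```python
import ipaddress
import json

# Assumptions (not from the bulletin): DVR inventory, internal ranges, log field
# names and the password-like key names are all constructed for this example.
DVR_HOSTS = {"10.20.0.15", "10.20.0.16"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
CRED_KEYS = {"pwd", "pass", "passwd", "password"}

def _rec(client, server, status, body):
    """Build one constructed log line in the hypothetical JSON-lines format."""
    return json.dumps({"client_ip": client, "server_ip": server,
                       "status": status, "resp_body": body})

SAMPLE_LOG = "\n".join([
    _rec("203.0.113.7", "10.20.0.15", 200,
         json.dumps({"users": [{"name": "admin", "password": "REDACTED"}]})),
    _rec("10.20.5.4", "10.20.0.16", 200, json.dumps({"status": "ok", "channels": 4})),
    _rec("198.51.100.9", "10.30.0.2", 200, json.dumps({"password": "REDACTED"})),
    _rec("10.20.5.9", "10.20.0.15", 200, json.dumps({"cfg": {"PWD": "REDACTED"}})),
    _rec("203.0.113.8", "10.20.0.16", 200, "<html>login</html>"),
])

def has_credential_keys(obj):
    """Recursively look for password-like keys anywhere in decoded JSON."""
    if isinstance(obj, dict):
        return any(str(k).lower() in CRED_KEYS or has_credential_keys(v)
                   for k, v in obj.items())
    if isinstance(obj, list):
        return any(has_credential_keys(item) for item in obj)
    return False

def find_credential_responses(log_text, dvr_hosts=DVR_HOSTS):
    """Return (client, server, external) for DVR responses exposing credential fields."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            if rec["server_ip"] not in dvr_hosts or rec["status"] != 200:
                continue
            body = json.loads(rec["resp_body"])
            client = ipaddress.ip_address(rec["client_ip"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed record, non-JSON body or bad address
        if has_credential_keys(body):
            external = not any(client in net for net in INTERNAL_NETS)
            hits.append((rec["client_ip"], rec["server_ip"], external))
    return hits
```

Calling `find_credential_responses(SAMPLE_LOG)` returns one tuple per suspect response; a hit with `external` set to true means a DVR handed credential-bearing JSON to a client outside the internal ranges and should be triaged first.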

Threat Landscape

Because DVR systems are typically located on internal networks, they are an attractive target for threat actors, who can exploit them for the purposes of initial access and data theft. Reporting has indicated that there has been a recent increase in attempted exploits of TBK DVR devices.

TBK has a significant portion of the surveillance camera market share. Threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on. As a result, the TBK products have become a prime target. Because these camera models have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within these devices for the purposes of data extraction.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Tactic:

TA0004 – Privilege Escalation

Further Information

Proof-of-Concept Exploit Code

Fortinet Report

 

Intelligence Terminology Yardstick