Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:B937B52A-641E-434F-B73C-BDA511D6C5A8
HistoryOct 19, 2022 - 12:00 a.m.

CVE-2016-20016

2022-10-1900:00:00
attackerkb.com
17
mvpower cctv dvr
web shell
remote unauthenticated
os command execution
exploited
2017-2022

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.915 High

EPSS

Percentile

98.9%

JSON

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the “JAWS webserver RCE” because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

Related

thn 1
cvelist 2
prion 2
nuclei 1
zdt 1
checkpoint_advisories 1
attackerkb 1
packetstorm 1
kitploit 1
seebug 1
nvd 2
cve 2
openvas 1
thn
thn
Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices
2023-05-03 07:30:00
cvelist
cvelist
CVE-2018-9995
2018-04-10 22:00:00
CVE-2016-20016
2022-10-19 00:00:00
prion
prion
Authentication flaw
2018-04-10 22:29:00
Design/Logic Flaw
2022-10-19 05:15:00
nuclei
nuclei
TBK DVR4104/DVR4216 Devices - Authentication Bypass
2021-04-07 12:33:31
zdt
zdt
TBK DVR4104 / DVR4216 - Credentials Leak Exploit
2018-05-03 00:00:00
checkpoint_advisories
checkpoint_advisories
TBKvision Firmware Authentication Bypass (CVE-2018-9995)
2020-01-23 00:00:00
attackerkb
attackerkb
CVE-2018-9995
2018-04-10 00:00:00
packetstorm
packetstorm
TBK DVR4104 / DVR4216 Credential Disclosure
2018-05-04 00:00:00
kitploit
kitploit
DVR-Exploiter - Bash Script Program Exploit The DVR's Based On CVE-2018-9995
2018-09-24 12:16:00
seebug
seebug
TBK DVR Login Bypass(CVE-2018-9995)
2018-05-02 00:00:00
nvd
nvd
CVE-2016-20016
2022-10-19 05:15:08
CVE-2018-9995
2018-04-10 22:29:00
cve
cve
CVE-2016-20016
2022-10-19 05:15:08
CVE-2018-9995
2018-04-10 22:29:00
openvas
openvas
Multiple DVR Products Authentication Bypass Vulnerability (Apr 2018) - Active Check
2018-05-03 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.915 High

EPSS

Percentile

98.9%

JSON
Related for AKB:B937B52A-641E-434F-B73C-BDA511D6C5A8
thn1cvelist2prion2nuclei1zdt1checkpoint_advisories1attackerkb1packetstorm1kitploit1seebug1nvd2cve2openvas1