The vulnerability of the control panel of the microprogrammed software for DVR devices TBK DVR4104 and TBK DVR4216 allows intruders to bypass security restrictions and gain unauthorized access to protected information.

The vulnerability of the control panel of the microprogrammed software for TBK DVR devices, TBK DVR4104 and TBK DVR4216, lies in the lack of measures to neutralize special elements during the processing of the Cookie header: uid=admin. Exploiting this vulnerability allows a remote attacker to...

Authentication flaw

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...

CVE-2018-9995

CVE-2018-9995 affects TBK DVR4104/DVR4216 and re-branded variants (Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, MDVR Login). Root cause: authentication bypass via a crafted Cookie: uid=admin header, demonstrated by device.rsp?opt=user&cmd=list returning creden...

CVE-2018-9995

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin”...