CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording DVR devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 CVSS score: 9.8, a critical authentication bypass issue that could b...

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

Design/Logic Flaw

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the “JAWS webserver RCE”...

CVE-2016-20016

CVE-2016-20016 affects MVPower CCTV DVR models (e.g., TV-7104HE 1.8.4 115215B9 and TV7108HE). The flaw is a web shell accessible via a /shell URI that lets a remote unauthenticated attacker execute arbitrary OS commands as root. Public sources (NVD, Red Hat advisories, CVE lists) confirm the vuln...

PT-2022-7851

Name of the Vulnerable Software and Affected Versions MVPower CCTV DVR models, including TV-7104HE version 1.8.4 115215B9 and TV7108HE, versions from 2014 through 2019 Description The issue allows a remote unauthenticated attacker to execute arbitrary operating system commands as root via a web...

MVPower DVR Remote Code Execution

A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...

MVPower DVR Remote Command Execution

The remote AOST-based network video recorder distributed by MVPower is affected by a remote command execution vulnerability. An unauthenticated remote attacker can use this vulnerability to execute operating system commands as root. This vulnerability has been used by the IoT Reaper botnet. C...

VulnCheck KEV: CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /JAWS/1.0/ def initializeinfo = superupdateinfoinfo, 'Name' = 'MVPower DVR Shell Unauthenticated Command Execution', 'Description' = %q This module...

MVPower DVR TV-7104HE 1.8.4 115215B9 Shell Unauthenticated Command Execution Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string. This Metasploit module was tested successfully on a MVPower model...

MVPower DVR Shell Unauthenticated Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /JAWS/1.0/ def initializeinfo = superupdateinfoinfo, 'Name' = 'MVPower DVR Shell Unauthenticated Command Execution', 'Description' = %q This module...

MVPower DVR Shell Unauthenticated Command Execution

This module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string. This module was tested successfully on a MVPower model TV-7104HE with firmware...