CVE-2018-10676 — CRITICAL (9.8)

Vulnerability Description

CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tbkvision	Tbk-Dvr4216 Firmware	-
Tbkvision	Tbk-Dvr4216	-
Tbkvision	Tbk-Dvr4104 Firmware	-
Tbkvision	Tbk-Dvr4104	-

References

http://misteralfa-hack.blogspot.cl/2018/05/0day-dvr-multivendor.htmlExploitThird Party Advisory
http://misteralfa-hack.blogspot.cl/2018/05/0day-dvr-multivendor.htmlExploitThird Party Advisory

FAQ

What is CVE-2018-10676?

CVE-2018-10676 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.r...

How severe is CVE-2018-10676?

CVE-2018-10676 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-10676?

Check the references section above for vendor advisories and patch information. Affected products include: Tbkvision Tbk-Dvr4216 Firmware, Tbkvision Tbk-Dvr4216, Tbkvision Tbk-Dvr4104 Firmware, Tbkvision Tbk-Dvr4104.