New Hacking Tool Lets Users Access DVRs And Their Video Feeds

A new proof-of-concept tool has been released that claims to be able to remotely access thousands of digital video recorders (DVRs). getDVR exploits a vulnerability in two series of DVRs produced by TBK Vision.

Of the main concerns surrounding GetDvR and the associated CVE-2018-9995 vulnerability is the fact that there are many “white label” and rebranded versions of DVR IoT equipment by TBK.

The researcher who produced the proof-of-concept claims there are more than 55,000 vulnerable devices he was able to reach remotely when testing the exploit.

The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995

The website Bleeping Computer reached out yesterday to a few security researchers to assess the tool’s working state and efficacy.

I verified the code, and the script smoothly does what it is advertised, providing plaintext credentials for a variety of DVR models at the press of a button,” Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security, told Bleeping Computer.

The researcher estimated the number of vulnerable devices to at least a few tens of thousands.

Shodan query
Image via –

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: