Over 55,000 security camera DVRs are vulnerable to an exploit

in #exploit7 years ago

"With CVE-2018-9995, all you need to do is hit the URL for the embedded web-server that controls the device with this cookie header: "Cookie: uid=admin." The DVR then returns the root login and password in the clear. 55,000 devices with this vulnerability have been indexed by the Shodan search engine."

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9995

Via https://boingboing.net/2018/05/08/morzilla.html