Active attack attempts targeting vulnerable CCTV Cameras and DVR systems from multiple vendors such as Argus, Axis, MVPower and Vacron.
FortiGuard Labs observed actively targeted video surveillance systems which may be without any available patches. Some of the attack attempts were peaked to as much as 50,000 IPS devices in the month of April 2023. Learn More »
Common Vulnerabilities and Exposures
Background
Recently, Fortiguard Labs released an Outbreak Alert on TBK DVR systems which had critical level of attack attempts based on our IPS telemetry. We expanded our research on such attacks and have discovered other devices that are being actively targeted and may be without any vendor patch.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
1. CVE-2018-15745: Argus Surveillance DVR 4.0.0.0 Devices- The flaw allows Unauthenticated Directory Traversal leading to file disclosure.
2. CVE-2018-10661 and CVE-2018-10662: Multiple models of Axis IP Cameras- This flaw allows for bypass of Access Control and exposed Insecure Interface which attacker may exploit to gain system access.
3. CVE-2016-20016: MVPower CCTV DVR Models- A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"
4. Vacron NVR Remote Code Execution- Attack against a Command Injection vulnerability in VACRON Network Video Recorder. This vulnerability does not have any assigned CVE yet.
The active exploitation attempts of these surveillance systems mentioned are already protected by IPS signatures and Fortinet customers remain protected from such attacks. FortiGuard Labs further recommends organizations to review affected vendor models and review for any vendor patches where possible.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
IPS
-
Outbreak Detection
-
Assisted Response Services
-
Automated Response
-
InfoSec Services
-
Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
References
Sources of information in support and relation to this Outbreak and vendor.