Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR (digital video recording) devices.
DVRs are an integral part of security surveillance systems as they record and store video recorded by cameras. TBK Vision’s website claims its products are deployed in banks, government organizations, the retail industry, and more.
As these DVR servers are used to store sensitive security footage, they are usually located on internal networks to prevent unauthorized access to the recorded video. Unfortunately, this makes them attractive to threat actors who can exploit them for initial access to corporate networks and to steal data.
Fortinet’s FortiGard Labs reports seeing an uptick in hacking attempts on TBK DVR devices recently, with the threat actors using a publicly available proof of concept (PoC) exploit to target a vulnerability in the servers.