CVE-2018-9995

EPSS 94.14% · P100 Updated Feb 21, 2026

Public Exploits 2

ExploitDB · 1 EDB-44577 [remote]

Nuclei · 1 CVE-2018-9995.yaml [template]

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-9995

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

TBK DVR4104和DVR4216 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TBK DVR4104和DVR4216都是高清数字录像机设备。 TBK DVR4104和DVR4216中存在安全漏洞。远程攻击者可借助Cookie: uid=admin包头利用该漏洞绕过身份验证。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-9995

#	POC Description	Source Link	Shenlong Link
1	(CVE-2018-9995) Get DVR Credentials	https://github.com/ezelf/CVE-2018-9995_dvr_credentials	POC Details
2	CVE-2018-9995_Batch_scanning_exp	https://github.com/zzh217/CVE-2018-9995_Batch_scanning_exp	POC Details
3	DVR系列摄像头批量检测	https://github.com/Huangkey/CVE-2018-9995_check	POC Details
4	None	https://github.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs	POC Details
5	exploit camera with vuln cve-2018-9995 ( Novo, CeNova, QSee, Pulnix, XVR 5 in 1 (title: "XVR Login"), Securus, - Security. Never Compromise !! - Night OWL, DVR Login, HVR Login, MDVR Login )	https://github.com/shacojx/cve-2018-9995	POC Details
6	DVR-Exploiter a Bash Script Program Exploit The DVR's Based on CVE-2018-9995	https://github.com/Cyb0r9/DVR-Exploiter	POC Details
7	DVR username password recovery.	https://github.com/codeholic2k18/CVE-2018-9995	POC Details
8	None	https://github.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs	POC Details
9	None	https://github.com/ABIZCHI/CVE-2018-9995_dvr_credentials	POC Details
10	None	https://github.com/IHA114/CVE-2018-9995_dvr_credentials	POC Details
11	webcam bug (python)	https://github.com/likaifeng0/CVE-2018-9995_dvr_credentials-dev_tool	POC Details
12	CVE-2018-9995 POC	https://github.com/b510/CVE-2018-9995-POC	POC Details
13	Hack The CCTV \| DVRs; Credentials Exposed \| CVE-2018-9995	https://github.com/withmasday/HTC	POC Details
14	Hack The CCTV \| DVRs; Credentials Exposed \| CVE-2018-9995	https://github.com/awesome-consumer-iot/HTC	POC Details
15	CVE-2018-9995 هک دوربین مداربسته با آسیب پذیری	https://github.com/Saeed22487/CVE-2018-9995	POC Details
16	None	https://github.com/kienquoc102/CVE-2018-9995-2	POC Details
17	None	https://github.com/dearpan/cve-2018-9995	POC Details
18	None	https://github.com/LeQuocKhanh2K/Tool_Exploit_Password_Camera_CVE-2018-9995	POC Details
19	None	https://github.com/hoaan1995/CVE-2018-9995	POC Details
20	.NET console application that exploits CVE-2018-9995 vulnerability	https://github.com/ST0PL/DVRFaultNET	POC Details
21	A PoC exploit for CVE-2018-9995 - DVR Authentication Bypass	https://github.com/K3ysTr0K3R/CVE-2018-9995-EXPLOIT	POC Details
22	CVE-2018-9995 Exploit Tool for Python3	https://github.com/Pab450/CVE-2018-9995	POC Details
23	None	https://github.com/MrAli-Code/CVE-2018-9995_dvr_credentials	POC Details
24	None	https://github.com/arminarab1999/CVE-2018-9995	POC Details
25	None	https://github.com/DOCKTYPe19/CVE-2018-9995	POC Details
26	Simple python3 script to automate CVE-2018-9995	https://github.com/X3RX3SSec/DVR_Sploit	POC Details
27	None	https://github.com/batmoshka55/CVE-2018-9995_dvr_credentials	POC Details
28	Este script está creado para mostar usuarios de DVR, VULNERABILIDAD (CVE-2018-9995)	https://github.com/dego905/Cam	POC Details
29	Hack The CCTV \| DVRs; Credentials Exposed \| CVE-2018-9995	https://github.com/wmasday/HTC	POC Details
30	CVE-2018-9995	https://github.com/A-Alabdoo/CVE-DVr	POC Details
31	TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-9995.yaml	POC Details
32	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/DVR%20%E7%99%BB%E5%BD%95%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2018-9995.md	POC Details
33	A tool for scanning DVR systems vulnerable to CVE-2018-9995 credential disclosure. Educational purposes only - demonstrates how attackers exploit authentication bypasses in DVR/IP camera systems. Includes detailed guides for finding, testing, and understanding the vulnerability.	https://github.com/its-anya/DVR_Credential_Scanner	POC Details
34	(CVE-2018-9995) Get DVR Credentials	https://github.com/jameseyes/DVRC	POC Details
35	POC of CVE-2018-9995 written in Rust.	https://github.com/0xDamian/CVE-2018-9995-rs	POC Details
36	exploit camera with vuln cve-2018-9995 ( Novo, CeNova, QSee, Pulnix, XVR 5 in 1 (title: "XVR Login"), Securus, - Security. Never Compromise !! - Night OWL, DVR Login, HVR Login, MDVR Login )	https://github.com/mesutozsoycom/cve-2018-9995	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-9995

请登录查看更多情报信息。

Same Patch Batch · n/a · 2018-04-10 · 34 CVEs total

CVE-2018-9922		idreamsoft iCMS 安全漏洞
CVE-2014-3114		WordPress EZPZ One Click Backup插件安全漏洞
CVE-2014-3999		Horde Horde_Ldap库安全漏洞
CVE-2015-0172		IBM Security SiteProtector System 安全漏洞
CVE-2015-1957		IBM WebSphere MQ 安全漏洞
CVE-2017-14323		Onethink Ueditor 安全漏洞
CVE-2017-14611		Cockpit 安全漏洞
CVE-2017-18100		Atlassian Jira agile wallboard gadget 安全漏洞
CVE-2018-9934		MetInfo 安全漏洞
CVE-2014-2078		Open-Xchange AppSuite 信息泄露漏洞
CVE-2018-9923		idreamsoft iCMS 跨站请求伪造漏洞
CVE-2018-9924		idreamsoft iCMS SQL注入漏洞
CVE-2018-9925		idreamsoft iCMS 跨站脚本漏洞
CVE-2018-9926		WUZHI CMS 跨站请求伪造漏洞
CVE-2018-9927		WUZHI CMS 跨站请求伪造漏洞
CVE-2018-9928		MetInfo 跨站脚本漏洞
CVE-2018-9840		Open Whisper Signal app for iOS 安全漏洞
CVE-2018-9996		GNU Binutils GNU libiberty 安全漏洞
CVE-2014-2073		Dassault Systemes CATIA V5-6R2013 缓存区错误漏洞
CVE-2014-1946		OpenDocMan 安全漏洞

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-9995

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-9995

Public Exploits 2

I. Basic Information for CVE-2018-9995

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-9995

III. Intelligence Information for CVE-2018-9995

Exploits & Public PoCs for CVE-2018-9995 (1)

News Coverage for CVE-2018-9995 (1)

Other References for CVE-2018-9995 (2)

Same Patch Batch · n/a · 2018-04-10 · 34 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-9995

Leave a comment