Argentinian security researcher Ezequiel Fernandez has published a powerful new tool that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems. The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month. Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of “Cookie: uid=admin