CVE-2018-10734
📋 TL;DR
KONGTOP DVR devices contain a backdoor function that prints login passwords when called, allowing unauthorized access to device credentials. This affects specific KONGTOP DVR models (A303, A403, D303, D305, D403) used for video surveillance systems. Attackers can exploit this to gain administrative access to the DVR systems.
💻 Affected Systems
- KONGTOP DVR A303
- KONGTOP DVR A403
- KONGTOP DVR D303
- KONGTOP DVR D305
- KONGTOP DVR D403
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of DVR systems leading to unauthorized video surveillance access, data exfiltration, device takeover for botnet participation, and physical security breaches.
Likely Case
Unauthorized access to DVR systems allowing viewing/manipulation of surveillance footage, configuration changes, and potential lateral movement to connected networks.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external exploitation.
🎯 Exploit Status
Python proof-of-concept available on GitHub demonstrates password extraction via backdoor function call.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Consider replacing affected devices with secure alternatives from reputable vendors.
🔧 Temporary Workarounds
Network Segmentation
Isolate DVR devices on separate VLANs with strict firewall rules preventing external access.
Access Control Lists
Implement IP-based access restrictions allowing only authorized management stations to communicate with DVR devices.
🧯 If You Can't Patch
- Replace affected KONGTOP DVR devices with secure alternatives from reputable vendors
- Implement strict network segmentation and firewall rules to prevent any external access to DVR devices
🔍 How to Verify
Check if Vulnerable:
Check device model against affected list (A303, A403, D303, D305, D403). Test with available PoC script if in controlled environment.
Check Version:
Check device web interface or serial console for model and firmware information
Verify Fix Applied:
Verify device replacement with secure alternative or test that network controls prevent exploitation.
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts
- Access from unexpected IP addresses
- Configuration changes without authorization
Network Indicators:
- Unexpected traffic to DVR management ports
- Traffic patterns matching PoC exploitation
SIEM Query:
source_ip IN (dvr_management_ips) AND (event_type="authentication" OR event_type="configuration_change")
🔗 References
- https://github.com/hucmosin/MyBook/blob/master/KONGTOP_DVR_devices_vulnerability_report-CVE-2018-10734.pdf
- https://github.com/hucmosin/MyBook/blob/master/fu/DVR.pdf
- https://github.com/hucmosin/Python_Small_Tool/blob/master/other/DVR_POC.py