Summary: A significant increase in cyber attacks targeting TVT NVMS9000 DVRs has been reported, with over 2,500 unique attacking IP addresses identified in a single day. The vulnerability allows attackers to gain administrative control, risking manipulation of surveillance systems and potential DDoS attacks from the Mirai botnet. Organizations are urged to take immediate protective measures against these threats.
Affected: TVT Digital Technology Co., Ltd. – TVT NVMS9000 DVRs
Keypoints :
- A surge in exploitation attempts began on March 31, 2025, peaking at over 2,500 attacking IPs on April 3rd.
- The vulnerability allows for manipulation of video footage and could facilitate larger coordinated attacks.
- Majority of attacking IPs originate from the Asia-Pacific region, targeting systems primarily in the United States and Europe.
- Organizations should block malicious IPs, apply patches, restrict public access, monitor networks, and enhance threat intelligence.
Source: https://securityonline.info/tvt-dvrs-under-siege-massive-exploitation-attempts-expose-critical-flaw/