Search criteria
6 vulnerabilities found for td-2108ts-hp_firmware by tvt
FKIE_CVE-2025-34036
Vulnerability from fkie_nvd - Published: 2025-06-24 01:15 - Updated: 2025-11-20 22:15
Severity ?
Summary
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
References
| URL | Tags | ||
|---|---|---|---|
| disclosure@vulncheck.com | https://vulncheck.com/advisories/shenzhen-tvt-cctv-dvr-command-injection | Third Party Advisory | |
| disclosure@vulncheck.com | https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html | Exploit, Third Party Advisory | |
| disclosure@vulncheck.com | https://www.exploit-db.com/exploits/39596 | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-cl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDAF6E1-53F7-49AC-A456-E21D951C70DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2108ts-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAE005D-30B5-4C15-BC9C-99200C071E88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-cl-a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB3A090-35D4-46C1-9D7D-39A25C74290C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2108ts-cl-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79C91B0B-0274-44FC-8AD3-804EE8A0788C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2116ts-cl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0AE60F3-013E-4170-9CF1-1E873473A966",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2116ts-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48AD0F7E-2569-430D-8DD4-CBD4C2D9747D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB2C9E5-686F-4A5C-BECA-BE1F6F2F6208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2104ts-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29712812-D665-4761-A344-6C4E197AB8ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91E3AB32-C9C5-4C16-BBA2-AB6C81B5CA02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2108ts-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0CE834-CC63-4AD7-9332-A2047C14CDB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2116ts-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B740C19-656B-4BDD-A25D-C9DB2E425427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2116ts-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F4DD54-7481-4B04-B583-46CDF2C2552C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB0FFFA-B75E-4080-A299-BE841A803723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2104ts-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD931E4-139A-4019-89E3-B98BE7DAD7A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9EB09A-CAD5-4FCA-AED3-4FF98B01F1B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2108ts-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D19AC196-4BDC-44E9-BE14-418D4BED8A16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2116te-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E3EC4A-EDD3-48AC-A021-872F9D41F3F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2116te-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD50A1B-E571-43AB-86A0-308A24C4C7E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2704ts-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "494F97B4-3BA8-44A3-A82A-F28964341CCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2704ts-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E206D96-DC01-42F2-A3F9-F5F81A548979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2708ts-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25637F4F-35F3-44D0-9AFD-7E9710E52A07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2708ts-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF900D9D-ED0D-4E5D-A6E7-87A45C7B5099",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2716te-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF53CD40-CFCD-4D1D-AF2C-C9AD64C0CAF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2716te-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A922BAA8-47C3-43A0-A56F-0C4A13347B09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2716te-hc-a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75175C42-13D0-436C-AD8E-4946EFE8978B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2716te-hc-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ADADEE-9227-4396-AACA-BF3B3917701C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2716tc-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77389AB7-E330-4A90-98CB-A8456A8AD6AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2716tc-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "621D799E-A233-43F7-809A-CE149CD353F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2732tc-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76F9AEE5-ECEA-4A33-A8F0-5BD02DFCFE1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2732tc-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12267ADD-74AC-4E34-8CE8-0A60334C044F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2716td-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "100AC39C-01D9-4960-8D3B-229F40E5AF5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2716td-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C28FF747-8318-48E1-A598-BE0296615C4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2732td-hc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBE5F63-F2E2-403B-848A-64E6D6C9314E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2732td-hc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD77A5D-7465-4ED0-8975-F40C6315CC15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2704ts-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "774BD618-056E-4560-8F1D-6B894F33BDB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2704ts-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D897FF1-CCAE-4300-97CE-59F855791FF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2708ts-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91D9F589-2E48-41A0-8A57-6A373D595F30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2708ts-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB0609F-2919-49CB-B86E-E8C52A18A0C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2708te-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83D4E081-3971-4A24-894E-23F81F06BA45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2708te-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E3EF01-2AA4-48A9-810D-F0F4FB983E56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2716te-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E29126F9-5059-417B-BE35-35CF938EBC14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2716te-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D1B773-0A43-4934-A334-A57721D216B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2716te-hp-a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "837ED64F-2BE1-48A9-9601-A94A264F3225",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2716te-hp-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B681661-ADD3-4E90-9D62-5EDFB3E2FA5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2716tc-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A19ECD6-9599-451B-B38C-2A6E0B80DEB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2716tc-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A90EC0E-E9FD-48A1-B77F-05D7080FA090",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2708te-hk_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B71BB732-77DE-468E-A072-501D04DE14B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2708te-hk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A405E3D-2F68-440D-A38F-3FAB3D06360F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2932td-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6488F32-43C3-463A-8BE7-28CF6104B7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2932td-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E252DD-57A0-4CE9-8AC8-9184E008F7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2004ts-cl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF25392-A70F-496D-8C29-33ECE627C769",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2004ts-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F93DAB-6229-40A0-9056-80DEEFD05439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2004ts-cl-c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A9EF45-F6F0-4B65-A986-85A9BF3B299F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2004ts-cl-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7F5829-E633-4CDE-9442-79BEFEB6DDC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07B0F4D4-4D1B-4CCF-843F-3E3EA345C9D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2104ts-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26307205-124C-4A1D-B2F2-24504760D79C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl-a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D71D5E5-7CD5-4130-9C56-C884E955585D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2104ts-cl-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF5326B-46FB-4198-B972-386312B55213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2008ts-cl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00F89A83-DAE0-4442-A721-18C8C2528274",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2008ts-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E481375F-F9B0-42DE-9FBA-8DF3AE2C80C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called \"Cross Web Server\" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en los DVR de marca blanca fabricados por TVT, que afecta a un servicio HTTP personalizado llamado \"Cross Web Server\" que escucha en los puertos TCP 81 y 82. La interfaz web no depura la entrada en la ruta URI enviada a la funci\u00f3n de extracci\u00f3n de idioma. Cuando el servidor procesa una solicitud a /language/[lang]/index.html, utiliza la entrada [lang] de forma insegura en un comando de extracci\u00f3n de tar sin el escape adecuado. Esto permite que un atacante remoto no autenticado inyecte comandos de shell y ejecute comandos arbitrarios como root."
}
],
"id": "CVE-2025-34036",
"lastModified": "2025-11-20T22:15:56.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2025-06-24T01:15:24.903",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/shenzhen-tvt-cctv-dvr-command-injection"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/39596"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-7339
Vulnerability from fkie_nvd - Published: 2024-08-01 04:15 - Updated: 2024-12-20 17:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4 | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.273262 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.273262 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.379373 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| provision-isr | sh-4050a5-5l\(mm\)_firmware | - | |
| provision-isr | sh-4050a5-5l\(mm\)_firmware | 1.3.3.20657b180918.d06.u2\(4a41t\) | |
| provision-isr | sh-4050a5-5l\(mm\)_firmware | 1.3.4.22966b181219.d00.u1\(4a21s\) | |
| provision-isr | sh-4050a5-5l\(mm\)_firmware | 1.3.4.22966b181219.d14.u1\(8a41t\) | |
| provision-isr | sh-4050a5-5l\(mm\)_firmware | 1.3.4.22966b181219.d44.u1\(16a82t\) | |
| provision-isr | sh-4050a5-5l\(mm\)_firmware | 1.3.4.24513b190218.d00.u1\(8a21s\) | |
| provision-isr | sh-4050a5-5l\(mm\)_firmware | 1.3.4.24879b190222.d00.u2\(8a21s\) | |
| provision-isr | sh-4050a5-5l\(mm\) | - | |
| tvt | avision_av108t_firmware | - | |
| tvt | avision_av108t_firmware | 1.3.3.20657b180918.d06.u2\(4a41t\) | |
| tvt | avision_av108t_firmware | 1.3.4.22966b181219.d00.u1\(4a21s\) | |
| tvt | avision_av108t_firmware | 1.3.4.22966b181219.d14.u1\(8a41t\) | |
| tvt | avision_av108t_firmware | 1.3.4.22966b181219.d44.u1\(16a82t\) | |
| tvt | avision_av108t_firmware | 1.3.4.24513b190218.d00.u1\(8a21s\) | |
| tvt | avision_av108t_firmware | 1.3.4.24879b190222.d00.u2\(8a21s\) | |
| tvt | avision_av108t | - | |
| tvt | td-2104ts-cl_firmware | - | |
| tvt | td-2104ts-cl_firmware | 1.3.3.20657b180918.d06.u2\(4a41t\) | |
| tvt | td-2104ts-cl_firmware | 1.3.4.22966b181219.d00.u1\(4a21s\) | |
| tvt | td-2104ts-cl_firmware | 1.3.4.22966b181219.d14.u1\(8a41t\) | |
| tvt | td-2104ts-cl_firmware | 1.3.4.22966b181219.d44.u1\(16a82t\) | |
| tvt | td-2104ts-cl_firmware | 1.3.4.24513b190218.d00.u1\(8a21s\) | |
| tvt | td-2104ts-cl_firmware | 1.3.4.24879b190222.d00.u2\(8a21s\) | |
| tvt | td-2104ts-cl | - | |
| tvt | td-2108ts-hp_firmware | - | |
| tvt | td-2108ts-hp_firmware | 1.3.3.20657b180918.d06.u2\(4a41t\) | |
| tvt | td-2108ts-hp_firmware | 1.3.4.22966b181219.d00.u1\(4a21s\) | |
| tvt | td-2108ts-hp_firmware | 1.3.4.22966b181219.d14.u1\(8a41t\) | |
| tvt | td-2108ts-hp_firmware | 1.3.4.22966b181219.d44.u1\(16a82t\) | |
| tvt | td-2108ts-hp_firmware | 1.3.4.24513b190218.d00.u1\(8a21s\) | |
| tvt | td-2108ts-hp_firmware | 1.3.4.24879b190222.d00.u2\(8a21s\) | |
| tvt | td-2108ts-hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:provision-isr:sh-4050a5-5l\\(mm\\)_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F0BD8D-86EC-4FDD-8233-F976EDE2E059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:provision-isr:sh-4050a5-5l\\(mm\\)_firmware:1.3.3.20657b180918.d06.u2\\(4a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8A9FEABE-417A-4C66-9DBE-9134AE578C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:provision-isr:sh-4050a5-5l\\(mm\\)_firmware:1.3.4.22966b181219.d00.u1\\(4a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "837DBE02-ECF9-4339-8B3B-1CD1F1748F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:provision-isr:sh-4050a5-5l\\(mm\\)_firmware:1.3.4.22966b181219.d14.u1\\(8a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5337128-593E-4CBB-8FA0-FB247C399356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:provision-isr:sh-4050a5-5l\\(mm\\)_firmware:1.3.4.22966b181219.d44.u1\\(16a82t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "88125319-423B-4C91-9B1C-E342B6AEA298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:provision-isr:sh-4050a5-5l\\(mm\\)_firmware:1.3.4.24513b190218.d00.u1\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "588453E2-7B29-4E8F-B057-8E9583AB2D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:provision-isr:sh-4050a5-5l\\(mm\\)_firmware:1.3.4.24879b190222.d00.u2\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "06716F9E-6E87-45FB-8B7F-D83600556D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:provision-isr:sh-4050a5-5l\\(mm\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE711370-1732-4BAD-B2CE-C0B0516E93F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:avision_av108t_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3480B92A-91A1-4513-89D9-DF9C3C223271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:avision_av108t_firmware:1.3.3.20657b180918.d06.u2\\(4a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D5325B77-45BF-4699-B74D-CEBC86879753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d00.u1\\(4a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "45AD5F3A-5C00-4D78-AAB1-84B266E66BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d14.u1\\(8a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7319DE1D-9D81-4606-9FE6-EAEB8BA58DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d44.u1\\(16a82t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5F15CBC-553A-4CE4-B093-BFA125D9782E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24513b190218.d00.u1\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "613AEF48-C8A6-4921-8E4F-8130673E5703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24879b190222.d00.u2\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FDB4193C-20CB-4D46-BBC4-FAA33326BBE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:avision_av108t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "342B2170-958A-47C5-A3BA-DE7A22A1CD6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07B0F4D4-4D1B-4CCF-843F-3E3EA345C9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.3.20657b180918.d06.u2\\(4a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4FFAF8E9-FF11-487E-8808-611ED540241D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d00.u1\\(4a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "512B7BDB-4310-4206-A273-C5F20C2DB26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d14.u1\\(8a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08BB0DA9-AD29-4776-869E-516BD60FA4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d44.u1\\(16a82t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A69090E6-3C36-45F5-82E7-2656E59039D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24513b190218.d00.u1\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC0C5B90-8FE3-4DE7-AD7C-547D203693C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24879b190222.d00.u2\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "898DDB25-73B8-43A1-A5DA-852B40FE1B4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2104ts-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26307205-124C-4A1D-B2F2-24504760D79C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9EB09A-CAD5-4FCA-AED3-4FF98B01F1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.3.20657b180918.d06.u2\\(4a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C74C7B5-04E3-460A-82A6-1D84CEF66E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d00.u1\\(4a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "68520B3C-4986-4569-957C-85B0CA39DB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d14.u1\\(8a41t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7205D233-C959-491B-846D-6A203F5EA443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d44.u1\\(16a82t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA93F9-D661-458C-B89A-2C16A42BEE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24513b190218.d00.u1\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E525793F-5F6F-4078-85FC-4A56B5078BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24879b190222.d00.u2\\(8a21s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A1FB66ED-009B-425E-876E-07D6002DF46F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tvt:td-2108ts-hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D19AC196-4BDC-44E9-BE14-418D4BED8A16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) y AVISION DVR AV108T y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /queryDevInfo. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-273262 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-7339",
"lastModified": "2024-12-20T17:37:05.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-08-01T04:15:05.320",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.273262"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?id.273262"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.379373"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-34036 (GCVE-0-2025-34036)
Vulnerability from cvelistv5 – Published: 2025-06-24 01:00 – Updated: 2025-11-20 21:14 X_Known Exploited Vulnerability
VLAI?
Title
Shenzhen TVT CCTV-DVR Command Injection
Summary
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen TVT | CCTV-DVR |
Affected:
0
(semver)
|
Credits
Ophir Harpaz (k1p0d)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34036",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T13:29:49.719646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:29:52.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Management Interface (language localization handler in HTTP server binary td3520a)"
],
"product": "CCTV-DVR",
"vendor": "Shenzhen TVT",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ophir Harpaz (k1p0d)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called \"Cross Web Server\" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC."
}
],
"value": "An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called \"Cross Web Server\" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:14:28.026Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory",
"exploit",
"technical-description"
],
"url": "https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"
},
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://www.exploit-db.com/exploits/39596"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/shenzhen-tvt-cctv-dvr-command-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "Shenzhen TVT CCTV-DVR Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34036",
"datePublished": "2025-06-24T01:00:52.579Z",
"dateReserved": "2025-04-15T19:15:22.546Z",
"dateUpdated": "2025-11-20T21:14:28.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7339 (GCVE-0-2024-7339)
Vulnerability from cvelistv5 – Published: 2024-08-01 04:00 – Updated: 2024-08-07 14:31
VLAI?
Title
TVT DVR TD-2104TS-CL queryDevInfo information disclosure
Summary
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TVT | DVR TD-2104TS-CL |
Affected:
1.3.3.20657B180918.D06.U2(4A41T)
Affected: 1.3.4.22966B181219.D00.U1(4A21S) Affected: 1.3.4.22966B181219.D14.U1(8A41T) Affected: 1.3.4.22966B181219.D44.U1(16A82T) Affected: 1.3.4.24513B190218.D00.U1(8A21S) Affected: 1.3.4.24879B190222.D00.U2(8A21S) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
netsecfish (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2014ts_cl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2014ts_cl",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1\\/4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2018ts_hp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2018ts_hp",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1\\/4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:provision_isr_dvr_sh_4050a5_5l\\/mm\\/:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "provision_isr_dvr_sh_4050a5_5l\\/mm\\/",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2014ts_cl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2014ts_cl",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2018ts_hp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2018ts_hp",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U\\/(8A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:provision_isr_dvr_sh_4050a5_5l\\/mm\\/:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "provision_isr_dvr_sh_4050a5_5l\\/mm\\/",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U\\/(4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1\\/8A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:avision_dvr_av108t:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "avision_dvr_av108t",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U\\/(4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U\\/8A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7339",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:22:06.986415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:31:11.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DVR TD-2104TS-CL",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
},
{
"product": "DVR TD-2108TS-HP",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
},
{
"product": "Provision-ISR DVR SH-4050A5-5L(MM)",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
},
{
"product": "AVISION DVR AV108T",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "netsecfish (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /queryDevInfo. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T04:00:10.091Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273262 | TVT DVR TD-2104TS-CL queryDevInfo information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.273262"
},
{
"name": "VDB-273262 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273262"
},
{
"name": "Submit #379373 | TVT TD-2104TS-CL, TD-2108TS-HP, SH-4050A5-5L(MM), AV108T, ... 1.3.4.22966B181219.D00.U1(4A21S), 1.3.4.22966B181219.D14.U1(8A41T), 1.3.4.22966B181219.D44.U1(16A82T), 1.3.4.24513B190218.D00.U1 Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.379373"
},
{
"tags": [
"exploit"
],
"url": "https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-31T14:40:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "TVT DVR TD-2104TS-CL queryDevInfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7339",
"datePublished": "2024-08-01T04:00:10.091Z",
"dateReserved": "2024-07-31T12:34:44.446Z",
"dateUpdated": "2024-08-07T14:31:11.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34036 (GCVE-0-2025-34036)
Vulnerability from nvd – Published: 2025-06-24 01:00 – Updated: 2025-11-20 21:14 X_Known Exploited Vulnerability
VLAI?
Title
Shenzhen TVT CCTV-DVR Command Injection
Summary
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen TVT | CCTV-DVR |
Affected:
0
(semver)
|
Credits
Ophir Harpaz (k1p0d)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34036",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T13:29:49.719646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:29:52.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Management Interface (language localization handler in HTTP server binary td3520a)"
],
"product": "CCTV-DVR",
"vendor": "Shenzhen TVT",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ophir Harpaz (k1p0d)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called \"Cross Web Server\" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC."
}
],
"value": "An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called \"Cross Web Server\" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:14:28.026Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory",
"exploit",
"technical-description"
],
"url": "https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"
},
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://www.exploit-db.com/exploits/39596"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/shenzhen-tvt-cctv-dvr-command-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "Shenzhen TVT CCTV-DVR Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34036",
"datePublished": "2025-06-24T01:00:52.579Z",
"dateReserved": "2025-04-15T19:15:22.546Z",
"dateUpdated": "2025-11-20T21:14:28.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7339 (GCVE-0-2024-7339)
Vulnerability from nvd – Published: 2024-08-01 04:00 – Updated: 2024-08-07 14:31
VLAI?
Title
TVT DVR TD-2104TS-CL queryDevInfo information disclosure
Summary
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TVT | DVR TD-2104TS-CL |
Affected:
1.3.3.20657B180918.D06.U2(4A41T)
Affected: 1.3.4.22966B181219.D00.U1(4A21S) Affected: 1.3.4.22966B181219.D14.U1(8A41T) Affected: 1.3.4.22966B181219.D44.U1(16A82T) Affected: 1.3.4.24513B190218.D00.U1(8A21S) Affected: 1.3.4.24879B190222.D00.U2(8A21S) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
netsecfish (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2014ts_cl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2014ts_cl",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1\\/4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2018ts_hp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2018ts_hp",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1\\/4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:provision_isr_dvr_sh_4050a5_5l\\/mm\\/:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "provision_isr_dvr_sh_4050a5_5l\\/mm\\/",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2014ts_cl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2014ts_cl",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:dvr_td_2018ts_hp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dvr_td_2018ts_hp",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U\\/(8A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:provision_isr_dvr_sh_4050a5_5l\\/mm\\/:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "provision_isr_dvr_sh_4050a5_5l\\/mm\\/",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U\\/(4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1\\/8A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:tvt:avision_dvr_av108t:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "avision_dvr_av108t",
"vendor": "tvt",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2\\/4A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U\\/(4A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1\\/8A41T\\/"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1\\/16A82T\\/"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U\\/8A21S\\/"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2\\/8A21S\\/"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7339",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:22:06.986415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:31:11.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DVR TD-2104TS-CL",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
},
{
"product": "DVR TD-2108TS-HP",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
},
{
"product": "Provision-ISR DVR SH-4050A5-5L(MM)",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
},
{
"product": "AVISION DVR AV108T",
"vendor": "TVT",
"versions": [
{
"status": "affected",
"version": "1.3.3.20657B180918.D06.U2(4A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D00.U1(4A21S)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D14.U1(8A41T)"
},
{
"status": "affected",
"version": "1.3.4.22966B181219.D44.U1(16A82T)"
},
{
"status": "affected",
"version": "1.3.4.24513B190218.D00.U1(8A21S)"
},
{
"status": "affected",
"version": "1.3.4.24879B190222.D00.U2(8A21S)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "netsecfish (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /queryDevInfo. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T04:00:10.091Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273262 | TVT DVR TD-2104TS-CL queryDevInfo information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.273262"
},
{
"name": "VDB-273262 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273262"
},
{
"name": "Submit #379373 | TVT TD-2104TS-CL, TD-2108TS-HP, SH-4050A5-5L(MM), AV108T, ... 1.3.4.22966B181219.D00.U1(4A21S), 1.3.4.22966B181219.D14.U1(8A41T), 1.3.4.22966B181219.D44.U1(16A82T), 1.3.4.24513B190218.D00.U1 Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.379373"
},
{
"tags": [
"exploit"
],
"url": "https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-31T14:40:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "TVT DVR TD-2104TS-CL queryDevInfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7339",
"datePublished": "2024-08-01T04:00:10.091Z",
"dateReserved": "2024-07-31T12:34:44.446Z",
"dateUpdated": "2024-08-07T14:31:11.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}