A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SO_S_T_R_E_A_MAX_. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated...
6.3CVSS
6.9AI Score
0.0005EPSS
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup...
8.8CVSS
8.4AI Score
0.0005EPSS
Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio...
8.8CVSS
8.6AI Score
0.001EPSS
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin...
7.5CVSS
7.4AI Score
0.0005EPSS
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin...
7.5CVSS
7.4AI Score
0.0005EPSS
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin...
7.5CVSS
7.4AI Score
0.0005EPSS
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin...
7.5CVSS
7.4AI Score
0.0005EPSS
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin...
7.5CVSS
7.4AI Score
0.0005EPSS
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin...
7.5CVSS
7.4AI Score
0.0005EPSS
Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before...
7.5CVSS
7.5AI Score
0.001EPSS
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched...
7.4CVSS
6.7AI Score
0.0004EPSS
Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified...
7.5CVSS
7.6AI Score
0.001EPSS
Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified...
6.5CVSS
6.5AI Score
0.001EPSS
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt...
9.8CVSS
9.4AI Score
0.003EPSS
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a...
7.3AI Score
0.001EPSS
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web...
6.2AI Score
0.007EPSS
9.8CVSS
9.6AI Score
0.051EPSS
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo...
7.8CVSS
7.7AI Score
0.0005EPSS
5.5CVSS
5.6AI Score
0.001EPSS
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP...
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the...
6.5CVSS
6.4AI Score
0.001EPSS
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional.....
8.8CVSS
8.9AI Score
0.005EPSS
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store,...
6.5CVSS
6.4AI Score
0.001EPSS
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP...
8.1CVSS
7.9AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary...
8.8CVSS
8.7AI Score
0.001EPSS
The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary...
8.8CVSS
6.5AI Score
0.001EPSS
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port...
9.8CVSS
9.7AI Score
0.013EPSS
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the...
9.8CVSS
9.6AI Score
0.003EPSS
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the...
9.8CVSS
9.5AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.126EPSS
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device...
7.5CVSS
7.5AI Score
0.971EPSS
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE...
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user...
8.1CVSS
7.9AI Score
0.007EPSS
The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID...
7.1AI Score
0.002EPSS
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization...
8.1AI Score
0.953EPSS
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port...
6.5AI Score
0.958EPSS
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP...
9.6AI Score
0.056EPSS
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers...
9.6AI Score
0.056EPSS
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the...
6.7AI Score
0.152EPSS
DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web...
7.9AI Score
0.013EPSS
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x"...
6.7AI Score
0.06EPSS
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for...
6.3AI Score
0.066EPSS
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
6.4AI Score
0.001EPSS
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network...
6.8AI Score
0.023EPSS
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to...
8.1AI Score
0.057EPSS
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5)...
7.1AI Score
0.035EPSS
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying...
7.4AI Score
0.015EPSS
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double...
6.7AI Score
0.024EPSS