CVSS: 7.4EPSS: 0%CPEs: 79EXPL: 0CVE-2023-28811
https://notcve.org/view.php?id=CVE-2023-28811
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. Hay un desbordamiento del búfer en la función de recuperación de contraseña de los modelos NVR/DVR de Hikvision. Si se explota, un atacante en la misma red de área local (LAN) podría provocar un mal funcionamiento del dispositivo al enviar paquetes especialmente manipulados a un dispositivo sin parches. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-44954
https://notcve.org/view.php?id=CVE-2021-44954
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. En QVIS NVR DVR versiones anteriores a 13-12-2021, un atacante puede escalar los privilegios de un usuario qvisdvr al usuario root al abusar de una configuración errónea de Sudo • https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/a670418d51051d4e6513d86e84e8d5b8 https://twitter.com/Me9187/status/1414906288287404039 •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 2CVE-2021-41419
https://notcve.org/view.php?id=CVE-2021-41419
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. QVIS NVR DVR versiones anteriores a 13-12-2021, es vulnerable a una ejecución de código remota por medio de la deserialización de Java • https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/712ac36c8a08e2698e875169442a23a4 https://github.com/projectdiscovery/nuclei-templates/blob/master/iot/qvisdvr-deserialization-rce.yaml https://twitter.com/Me9187/status/1414904314368348163 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10514 – iCatch DVR - Command Injection
https://notcve.org/view.php?id=CVE-2020-10514
iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. El firmware de iCatch DVR en versiones anteriores a la 20200103 no valida el parámetro de función correctamente, por lo que los atacantes ejecutan comandos arbitrarios. • https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 95%CPEs: 2EXPL: 3CVE-2013-6117 – Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-6117
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. Dahua DVR 2.608.0000.0 y 2.608.GV00.0 permite a atacantes remotos evadir la autenticación y obtener información sensible que incluye las credenciales de usarios, cambiar las contraseñas de usuarios, limpiar los ficheros de registros y realizar otras acciones a través de una solicitud al puerto TCP 37777. • https://www.exploit-db.com/exploits/29673 https://github.com/milo2012/CVE-2013-6117 http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html http://seclists.org/bugtraq/2013/Nov/62 http://www.exploit-db.com/exploits/29673 http://www.osvdb.org/99783 • CWE-287: Improper Authentication •