CVSS: 7.4EPSS: 0%CPEs: 79EXPL: 0CVE-2023-28811
https://notcve.org/view.php?id=CVE-2023-28811
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. Hay un desbordamiento del búfer en la función de recuperación de contraseña de los modelos NVR/DVR de Hikvision. Si se explota, un atacante en la misma red de área local (LAN) podría provocar un mal funcionamiento del dispositivo al enviar paquetes especialmente manipulados a un dispositivo sin parches. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-44954
https://notcve.org/view.php?id=CVE-2021-44954
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. En QVIS NVR DVR versiones anteriores a 13-12-2021, un atacante puede escalar los privilegios de un usuario qvisdvr al usuario root al abusar de una configuración errónea de Sudo • https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/a670418d51051d4e6513d86e84e8d5b8 https://twitter.com/Me9187/status/1414906288287404039 •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 2CVE-2021-41419
https://notcve.org/view.php?id=CVE-2021-41419
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. QVIS NVR DVR versiones anteriores a 13-12-2021, es vulnerable a una ejecución de código remota por medio de la deserialización de Java • https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/712ac36c8a08e2698e875169442a23a4 https://github.com/projectdiscovery/nuclei-templates/blob/master/iot/qvisdvr-deserialization-rce.yaml https://twitter.com/Me9187/status/1414904314368348163 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10514 – iCatch DVR - Command Injection
https://notcve.org/view.php?id=CVE-2020-10514
iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. El firmware de iCatch DVR en versiones anteriores a la 20200103 no valida el parámetro de función correctamente, por lo que los atacantes ejecutan comandos arbitrarios. • https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 15%CPEs: 18EXPL: 3CVE-2013-6023 – TVT TD-2308SS-B DVR - Directory Traversal
https://notcve.org/view.php?id=CVE-2013-6023
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en el DVR TVT TD-2308SS-B con firmware 3.2.0.P-3520A-00 y anteriores permite a atacantes remotos leer archivos de su elección a través de .. (punto punto) en el URI. TVT TD-2308SS-B DVR suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/29959 http://alguienenlafisi.blogspot.com/2013/10/dvr-tvt-directory-traversal.html http://www.exploit-db.com/exploits/29959 http://www.kb.cert.org/vuls/id/785838 http://www.securityfocus.com/bid/63360 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •