CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41882 – Stack based buffer overflow
https://notcve.org/view.php?id=CVE-2024-41882
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. Team ENVY, un equipo de investigación de seguridad, ha encontrado una falla que permite la ejecución remota de código en el NVR. Un atacante puede provocar ... • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41883 – Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2024-41883
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. Team ENVY, un equipo de investigación de seguridad, ha encontrado una falla que permite la ejecución remota de código en el NVR. Un atacante ingr... • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41884 – Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2024-41884
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. Team ENVY, un equipo de investigación de seguridad, ha encontrado una falla que permite la ejecución remota de código en el NVR. Si un atacante no ... • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41885 – Hardcoding sensitive information
https://notcve.org/view.php?id=CVE-2024-41885
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. Team ENVY, un equipo de investigación de seguridad, ha encontrado una falla que permite la ejecución remota de código en el NVR. La cadena inicial para la clave de cifrado estaba codificada. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-547: Use of Hard-coded, Security-relevant Constants •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41886 – Improper Input Validation
https://notcve.org/view.php?id=CVE-2024-41886
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. Team ENVY, un equipo de investigación de seguridad, ha encontrado una falla que permite la ejecución remota de código en el NVR. Un atacante podría inyectar datos con formato incorrecto en los... • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41887 – Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2024-41887
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. Team ENVY, un equipo de investigación de seguridad, ha encontrado una falla que permite la ejecución remota de código en el NVR. Un atacan... • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •