Lucene search

[email protected]CVE-2021-41419

HistoryJul 18, 2022 - 12:15 a.m.

CVE-2021-41419

2022-07-1800:15:08

CWE-502

[email protected]

web.nvd.nist.gov

cve-2021-41419

qvis nvr

dvr

remote code execution

java deserialization

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.051 Low

EPSS

Percentile

93.0%

JSON

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.

Affected configurations

NVD

Node

qvisdvr_firmwareRange<2021-12-13

AND

qvisdvrMatch-

Node

qvisnvr_firmwareRange<2021-12-13

AND

qvisnvrMatch-

CPENameOperatorVersion
qvis:dvr_firmwareqvis dvr firmwarelt2021-12-13

CPE	Name	Operator	Version
qvis:dvr_firmware	qvis dvr firmware	lt	2021-12-13

References

gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/712ac36c8a08e2698e875169442a23a4

github.com/projectdiscovery/nuclei-templates/blob/master/iot/qvisdvr-deserialization-rce.yaml

twitter.com/Me9187/status/1414904314368348163

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.051 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2021-41419

nvd1 cvelist1 prion1