CVE-2023-7227 Command Injection vulnerability in SystemK NVR 504/508/516

🗓️ 25 Jan 2024 18:21:39Reported by icscertType

SystemK NVR 504/508/516 Command Injection Vulnerability

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of microprogrammed software in network video recorders like SystemK NVR 504/508/516 arises from the lack of measures taken to clean data at the control level. This allows intruders to execute arbitrary commands.	2 Feb 202400:00	–	bdu_fstec
Circl	CVE-2023-7227	25 Jan 202420:26	–	circl
CNNVD	SystemK NVR Command Injection Vulnerability	25 Jan 202400:00	–	cnnvd
CVE	CVE-2023-7227	25 Jan 202418:21	–	cve
EUVD	EUVD-2023-59408	3 Oct 202520:07	–	euvd
ICS	SystemK NVR 504/508/516	25 Jan 202407:00	–	ics
NVD	CVE-2023-7227	25 Jan 202419:15	–	nvd
OSV	CVE-2023-7227	25 Jan 202419:15	–	osv
Prion	Command injection	25 Jan 202419:15	–	prion
Positive Technologies	PT-2024-1439 · Unknown · Systemk Nvr	25 Jan 202400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "NVR 504",
    "vendor": "SystemK ",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.5SK.30084998"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NVR 508",
    "vendor": "SystemK ",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.5SK.30084998"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NVR 516",
    "vendor": "SystemK ",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.5SK.30084998"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-025-02

25 Jan 2024 18:21Current

10High risk

Vulners AI Score10

CVSS 3.19.8

EPSS0.00696

CWE-77