Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
6.7AI Score
0.152EPSS
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
6.5AI Score
0.958EPSS
iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command.
8.8CVSS
8.7AI Score
0.001EPSS
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
9.8CVSS
9.6AI Score
0.051EPSS
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration.
7.8CVSS
7.7AI Score
0.0005EPSS
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
7.4CVSS
6.7AI Score
0.0004EPSS