CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...

6.9CVSS7.4AI score0.00397EPSS

Exploits0References1

GithubExploit•added 2024/08/05 4:26 p.m.•524 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Provision-Isr Sh-4050A5-5L\(Mm\)_Firmware

CVE-2024-7339: Information Leak Vulnerability in DVR devices...

6.9CVSS5.1AI score0.90307EPSS

Exploits2

Positive Technologies•added 2024/04/26 12:0 a.m.•2 views

PT-2024-14882 · Unknown · Dvr Firmware

Name of the Vulnerable Software and Affected Versions: DVR firmware affected versions not specified Description: A flaw has been discovered in the DVR firmware's encryption logic, which is inappropriate and allows for decryption. The issue was found by Vladimir Kononovich, a security researcher...

8.9CVSS6.5AI score0.01016EPSS

Exploits0References4

Positive Technologies•added 2023/01/03 12:0 a.m.•5 views

PT-2023-15439 · Meritlilin · Merit Lilin Ah55B08 +1

Name of the Vulnerable Software and Affected Versions: Merit LILIN AH55B04 & AH55B08 DVR firm affected versions not specified Description: The issue concerns hard-coded administrator credentials in the DVR firm. An unauthenticated remote attacker can use these credentials to log in to the...

9.8CVSS9.4AI score0.02078EPSS

Exploits0References3

VulnCheck KEV•added 2020/12/01 12:0 a.m.•0 views

VulnCheck KEV: CVE-2013-6023

Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. dot dot in the URI...

7.8CVSS5.9AI score0.2278EPSS

Exploits6References1

OSV•added 2020/02/27 4:15 a.m.•0 views

CVE-2020-3923

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system...

9.8CVSS7.3AI score

Exploits0References2

NVD•added 2020/02/27 4:15 a.m.•6 views

CVE-2020-3924

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system...

10CVSS7.3AI score0.00406EPSS

Exploits0References2

NVD•added 2020/02/27 4:15 a.m.•6 views

CVE-2020-3923

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system...

10CVSS8.8AI score0.0033EPSS

Exploits0References2

OSV•added 2020/02/27 4:15 a.m.•1 views

CVE-2020-3924

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system...

9.8CVSS5.8AI score0.00406EPSS

Exploits0References2

Prion•added 2020/02/27 4:15 a.m.•7 views

Design/Logic Flaw

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system...

10CVSS9.5AI score0.00406EPSS

Exploits0References2Affected Software8

CERT•added 2016/02/17 12:0 a.m.•370 views

Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials

Overview Digital Video Recorders DVRs, security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Description CWE-259: Use of Hard-coded Password- CVE-2015-8286 According to the reporter, DVR devices bas...

10CVSS10AI score0.07115EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by