EUVD-2026-2754
Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges...
CVE-2021-47707 COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose the RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...
COMMAX CVD-Axx DVR Security Vulnerability
COMMAX CVD-Axx DVR is a series of digital video recorders from the Korean company COMMAX. A security vulnerability exists in COMMAX CVD-Axx DVR version 5.1.4, which stems from a weak default credentials issue that could lead to remote password attacks and RTSP stream leaks...
EUVD-2013-7245
Malware in sbrugna...
EUVD-2025-21741
Malicious code in bioql PyPI...
EUVD-2025-19631
Malicious code in bioql PyPI...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute...
CVE-2025-34132
Summary: CVE-2025-34132 affects LILIN Digital Video Recorder (DVR) devices older than firmware version 2.0b60_20200207. The web service handling NTPUpdate config at /z/zbin/dvr_box does not properly sanitize input in the Server field, allowing a remote attacker to inject and execute arbitrary com...
CVE-2025-34130
CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml, enabling further attacks including command injection. ...
CVE-2025-34052
An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi?action=getcapability. Sensitive internal device information such as firmware version, MAC address, and codec support can be accessed without authentication...
CVE-2025-34054
AVTECH DVR devices are affected by CVE-2025-34054, an unauthenticated command injection via Search.cgi?action=cgi_query. The vulnerability stems from using wget without input sanitization, allowing an attacker to inject shell commands through the username or queryb64str parameters and execute the...
CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...
CVE-2025-34051
CVE-2025-34051 describes a server-side request forgery in AVTECH DVR devices. The unauthenticated vulnerability targets /cgi-bin/nobody/Search.cgi?action=cgi_query and lets an attacker supply ip, port, and queryb64str to force the DVR to perform arbitrary HTTP requests, potentially leaking data o...
PT-2025-27539 · Avtech · Avtech Dvr +2
Name of the Vulnerable Software and Affected Versions: AVTECH DVR, NVR, and IP camera devices (affected versions not specified). Description: An OS command injection issue exists within the "adcommand.cgi" endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the...
PT-2025-27538
Name of the Vulnerable Software and Affected Versions: AVTECH DVR devices (affected versions not specified). Description: An unauthenticated command injection issue exists in AVTECH DVR devices. This is due to the lack of input sanitization when using wget in the "Search.cgi?action=cgi_query"...
CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2024-3721
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. Th...
Dahua Security Digital Video Recorders Credentials Management Errors (CVE-2013-3615)
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...