3 matches found
CVE-2025-34036
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34036
The CVE-2025-34036 issue affects white-labeled TVT DVRs’ Cross Web Server, a custom HTTP service listening on TCP ports 81/82. The web UI fails to sanitize the [lang] parameter in the /language/[lang]/index.html path, allowing unsafely used input in a tar extraction command to enable OS command i...