9 matches found
CVE-2026-34005
In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...
CVE-2026-34005
In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...
Arteco Web Client DVR/NVR 安全特征问题漏洞
Arteco Web Client DVR/NVR is a web management page from Arteco, Italy. A security feature issue vulnerability exists in Arteco Web Client DVR/NVR that stems from insufficient session ID complexity, which could lead to bypassing authentication and accessing live camera streams by brute-force...
Arteco Web Client DVR/NVR Session Hijacking
!/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit Vendor: Arteco S.U.R.L. Product web page: https://www.arteco-global.com Affected version: n/a Summary: Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to...
Arteco Web Client DVR/NVR Session Hijacking Vulnerability
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream. !/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute...
Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit
Summary Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to manage IP video surveillance designed for medium to large installations that require high performance and reliability. Arteco can handle IP video sources from all major international manufacturers and...
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Exploit
Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d Tested on: Linux CVE: N/A References: https://habr.com/en/post/486856/ References:...
Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE
Subject: Shenzhen TVT Digital Technology Co. Ltd & OEM DVR/NVR/IPC API RCE Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Python PoC: https://github.com/mcw0/PoC/blob/master/TVT-PoC.py Release date: April 9,...
Zhejiang uniview technologies security(DVR/NVR)and other monitoring equipment command execution
In file /Interface/DevManage/VM.php in: code area .............. Code omitted.................... // Set the DNS to resolve the server address case 'setDNSServer' : shellexec'echo "nameserver '. 'DNSServerAdrr'.'"'.' /etc/resolv. conf'; 'Code' = 0; getTip; echo jsonencode; break; default :...