797 matches found
CVE-2022-26259
A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service DoS via a crafted RSTP request...
CVE-2023-45801
Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0...
Arteco Web Client DVR/NVR 安全特征问题漏洞
Arteco Web Client DVR/NVR is a web management page from Arteco, Italy. A security feature issue vulnerability exists in Arteco Web Client DVR/NVR that stems from insufficient session ID complexity, which could lead to bypassing authentication and accessing live camera streams by brute-force...
Hikvision DVR Improper Privilege Management (CVE-2025-66173)
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...
CVE-2019-25240
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...
CVE-2019-25236
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the getjpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/getjpeg endpoint without authentication...
CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...
CVE-2019-25240
Rifatron 5brid DVR suffers an unauthenticated vulnerability in the animate.cgi script that enables unauthorized access to live video streams via the Mobile Web Viewer by specifying channel numbers. Affected versions include HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504. Root cause is the...
CVE-2019-25236 iSeeQ Hybrid DVR WH-H4 1.03R Unauthenticated Live Stream Disclosure
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the getjpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/getjpeg endpoint without authentication...
CVE-2025-66173
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...
CVE-2025-65075
WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This iss...
EUVD-2025-203627
WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This iss...
PT-2025-51559
WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This iss...
CVE-2021-47707
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...
CVE-2021-47707
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...
CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...
CVE-2021-47710
CVE-2021-47710 affects COMMAX Smart Home System (Ruvie CCTV Bridge DVR Service). An unauthenticated attacker can disclose RTSP credentials in plain text via the /overview.asp endpoint by issuing a GET request, exposing login credentials and DVR settings. The vulnerability is described with high i...
CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...
CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47709
CVE-2021-47709 (COMMAX Smart Home System) : An unauthenticated attacker can change configuration and trigger denial-of-service by sending a malformed request to the setconf endpoint. The impact is a network-accessible DoS with high severity (CVSS 4.0 base 8.7, AV:N/AC:L/PR:N/UI:N/VI:N/VC:N/VA:H/S...