Lucene search
K

797 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.8 views

CVE-2022-26259

A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service DoS via a crafted RSTP request...

7.8CVSS7AI score0.02382EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.16 views

CVE-2023-45801

Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0...

7.5CVSS7AI score0.00722EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

Arteco Web Client DVR/NVR 安全特征问题漏洞

Arteco Web Client DVR/NVR is a web management page from Arteco, Italy. A security feature issue vulnerability exists in Arteco Web Client DVR/NVR that stems from insufficient session ID complexity, which could lead to bypassing authentication and accessing live camera streams by brute-force...

9.8CVSS6.8AI score0.00595EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/01/02 12:0 a.m.3 views

Hikvision DVR Improper Privilege Management (CVE-2025-66173)

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...

6.2CVSS5.5AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2025/12/24 8:15 p.m.11 views

CVE-2019-25240

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...

9.8CVSS0.00406EPSS
Exploits1References3
NVD
NVD
added 2025/12/24 8:15 p.m.4 views

CVE-2019-25236

iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the getjpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/getjpeg endpoint without authentication...

9.8CVSS0.00403EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.4 views

CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:27 p.m.15 views

CVE-2019-25240

Rifatron 5brid DVR suffers an unauthenticated vulnerability in the animate.cgi script that enables unauthorized access to live video streams via the Mobile Web Viewer by specifying channel numbers. Affected versions include HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504. Root cause is the...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.3 views

CVE-2019-25236 iSeeQ Hybrid DVR WH-H4 1.03R Unauthenticated Live Stream Disclosure

iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the getjpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/getjpeg endpoint without authentication...

9.8CVSS6.6AI score0.00403EPSS
Exploits1References3
NVD
NVD
added 2025/12/19 7:16 a.m.5 views

CVE-2025-66173

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...

6.2CVSS0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 1:4 p.m.11 views

CVE-2025-65075

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This iss...

6.5CVSS7.1AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 3:30 p.m.5 views

EUVD-2025-203627

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This iss...

8.6CVSS6.6AI score0.0042EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51559

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This iss...

8.6CVSS7.2AI score0.0042EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.4 views

CVE-2021-47707

COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...

9.3CVSS7.1AI score0.00339EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 9:15 p.m.3 views

CVE-2021-47707

COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...

9.3CVSS0.00339EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 8:40 p.m.3 views

CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure

COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...

8.7CVSS6.5AI score0.00322EPSS
Exploits0References4
CVE
CVE
added 2025/12/09 8:40 p.m.11 views

CVE-2021-47710

CVE-2021-47710 affects COMMAX Smart Home System (Ruvie CCTV Bridge DVR Service). An unauthenticated attacker can disclose RTSP credentials in plain text via the /overview.asp endpoint by issuing a GET request, exposing login credentials and DVR settings. The vulnerability is described with high i...

8.7CVSS6.5AI score0.00322EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 8:40 p.m.21 views

CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure

COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...

8.7CVSS0.00322EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 8:39 p.m.3 views

CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS

COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...

8.7CVSS6.6AI score0.00322EPSS
Exploits0References4
CVE
CVE
added 2025/12/09 8:39 p.m.14 views

CVE-2021-47709

CVE-2021-47709 (COMMAX Smart Home System) : An unauthenticated attacker can change configuration and trigger denial-of-service by sending a malformed request to the setconf endpoint. The impact is a network-accessible DoS with high severity (CVSS 4.0 base 8.7, AV:N/AC:L/PR:N/UI:N/VI:N/VC:N/VA:H/S...

8.7CVSS6.6AI score0.00322EPSS
Exploits0References4
Rows per page
Query Builder