45 matches found
Exploit for CVE-2020-25078
ABYSS C2 — HiSilicon DVR Exploit Framework ⚠️ EDUCATIONAL...
CVE-2025-66173
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...
CVE-2025-66173
There is a privilege-escalation vulnerability in Hikvision DVR products caused by improper authentication for the serial port. An attacker with physical access can connect to the affected device and gain access to an unrestricted shell environment. The issue is documented across multiple sources ...
CVE-2025-66173
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...
PT-2025-52415
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...
EUVD-2025-18965
Malicious code in bioql PyPI...
EUVD-2023-51773
Malicious code in bioql PyPI...
CVE-2025-34036
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
FBI Warns of HiatusRAT Malware Targeting Webcams and DVRs
KEY SUMMARY POINTS The FBI has issued a Private Industry Notification PIN to highlight new malware campaigns targeting…...
Hikvision DVRs Devices Buffer Overflow (CVE-2014-4878)
While processing specified RTSP requests, buffer overflow vulnerabilities may occurs for select Hikvision DVRs, which may result in potential service interruption for users. These issues have been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880...
Hikvision DVRs Devices Buffer Overflow (CVE-2014-4880)
While processing specified RTSP requests, buffer overflow vulnerabilities may occurs for select Hikvision DVRs, which may result in potential service interruption for users. These issues have been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880...
Hikvision DVRs Devices Buffer Overflow (CVE-2014-4879)
While processing specified RTSP requests, buffer overflow vulnerabilities may occurs for select Hikvision DVRs, which may result in potential service interruption for users. These issues have been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880...
Actively Exploited Vulnerability in Hitron DVRs: Fixed, Patches Available
...
CVE-2023-47674
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB...
CVE-2023-47213
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. ...
Authentication flaw
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB...
CVE-2023-47213
First Corporation’s DVRs have a hard-coded password, enabling remote, unauthenticated access to rewrite or obtain device configuration. Affected models include CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB; updates are available only for Late models. For other products, apply t...
CVE-2023-47213
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. ...
CVE-2023-47213
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. ...