Lucene search
K

952 matches found

Cvelist
Cvelist
added 2025/07/01 2:46 p.m.11 views

CVE-2025-34055 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...

9.4CVSS0.01531EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:45 p.m.29 views

CVE-2025-34053

CVE-2025-34053 affects AVTECH IP cameras, DVRs, and NVRs and stems from the streamd web server. The root cause is misuse of strstr to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints. The CVE’s published metrics indicate a CVSSv4...

6.9CVSS6.8AI score0.0055EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:44 p.m.20 views

CVE-2025-34052

The CVE concerns AVTECH IP cameras, DVRs, and NVRs where an unauthenticated request to Machine.cgi?action=get_capability exposes internal device details (firmware version, MAC address, supported codecs). This is an unauthenticated information-disclosure issue, enabling fingerprinting/Discovery bu...

6.4AI score
Exploits0
Cvelist
Cvelist
added 2025/07/01 2:44 p.m.9 views

CVE-2025-34052

...

Exploits0
OpenVAS
OpenVAS
added 2025/06/27 12:0 a.m.11 views

D-Link Multiple DCS IP Camera Devices Multiple Vulnerabilities (SAP10247)

Multiple D-Link DCS IP camera devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.09972EPSS
Exploits8References10
NVD
NVD
added 2025/06/26 4:15 p.m.13 views

CVE-2025-34042

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS0.01763EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/06/26 3:51 p.m.11 views

CVE-2025-34042 Beward N100 IP Camera Remote Command Execution

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS0.01763EPSS
Exploits1References7
CVE
CVE
added 2025/06/26 3:51 p.m.31 views

CVE-2025-34042

CVE-2025-34042 describes an authenticated command-injection vulnerability in Beward N100 IP Camera firmware version M2.1.6.04C014. The issue stems from unsafely embedded ServerName and TimeZone parameters in the servetest CGI page, allowing an authenticated attacker with web-interface access to i...

9.4CVSS8.2AI score0.01763EPSS
In wildExploits1References7
Vulnrichment
Vulnrichment
added 2025/06/26 3:51 p.m.6 views

CVE-2025-34042 Beward N100 IP Camera Remote Command Execution

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS8.2AI score0.01763EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.8 views

PT-2025-26991

Name of the Vulnerable Software and Affected Versions: Beward N100 IP Camera version M2.1.6.04C014 Description: An authenticated command injection issue exists via the ServerName and TimeZone parameters in the "servetest" CGI page. An attacker with web interface access can inject arbitrary system...

9.4CVSS8.1AI score0.01763EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

Beward N100 IP Camera 安全漏洞

Beward N100 IP Camera is an open source camera from Beward, Russia. A security vulnerability exists in Beward N100 IP Camera version M2.1.6.04C014, which is caused by incorrect manipulation of the ServerName and TimeZone parameters in the servetest CGI page, resulting in a command injection attac...

9.4CVSS7.1AI score0.01763EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/06/25 12:53 a.m.7 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

9.8CVSS8.1AI score0.00903EPSS
Exploits1References1
NVD
NVD
added 2025/06/23 3:15 p.m.6 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

9.8CVSS0.00903EPSS
Exploits1References2
OSV
OSV
added 2025/06/23 3:15 p.m.4 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

9.8CVSS6.1AI score0.00903EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.12 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

0.00903EPSS
Exploits1References2
CVE
CVE
added 2025/06/23 12:0 a.m.27 views

CVE-2023-48978

CVE-2023-48978 affects NCR ITM Web terminal versions 4.4.0 and 4.4.4. The root cause is improper handling of specially crafted scripts by the IP camera URL component, enabling a remote attacker to execute arbitrary code. The CVSS-3.1 score is 9.8 (CRITICAL) with NETWORK attack vector, no privileg...

9.8CVSS7.5AI score0.00903EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/23 12:0 a.m.3 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

8AI score0.00903EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/23 12:0 a.m.5 views

PT-2025-26604 · Ncr · Ncr Itm Web Terminal

Name of the Vulnerable Software and Affected Versions: NCR ITM Web terminal versions 4.4.0 through 4.4.4 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. Recommendations: For versions 4.4.0 through 4.4.4, consider...

9.8CVSS7.4AI score0.00903EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.3 views

CVE-2024-47789

UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP...

8.7CVSS7.2AI score0.00342EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.5 views

CVE-2024-47790

UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol RTSP version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed...

8.7CVSS7.2AI score0.00472EPSS
Exploits0References1
Rows per page
Query Builder