952 matches found
CVE-2025-34055 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...
CVE-2025-34053
CVE-2025-34053 affects AVTECH IP cameras, DVRs, and NVRs and stems from the streamd web server. The root cause is misuse of strstr to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints. The CVE’s published metrics indicate a CVSSv4...
CVE-2025-34052
The CVE concerns AVTECH IP cameras, DVRs, and NVRs where an unauthenticated request to Machine.cgi?action=get_capability exposes internal device details (firmware version, MAC address, supported codecs). This is an unauthenticated information-disclosure issue, enabling fingerprinting/Discovery bu...
CVE-2025-34052
...
D-Link Multiple DCS IP Camera Devices Multiple Vulnerabilities (SAP10247)
Multiple D-Link DCS IP camera devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-34042
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...
CVE-2025-34042 Beward N100 IP Camera Remote Command Execution
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...
CVE-2025-34042
CVE-2025-34042 describes an authenticated command-injection vulnerability in Beward N100 IP Camera firmware version M2.1.6.04C014. The issue stems from unsafely embedded ServerName and TimeZone parameters in the servetest CGI page, allowing an authenticated attacker with web-interface access to i...
CVE-2025-34042 Beward N100 IP Camera Remote Command Execution
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...
PT-2025-26991
Name of the Vulnerable Software and Affected Versions: Beward N100 IP Camera version M2.1.6.04C014 Description: An authenticated command injection issue exists via the ServerName and TimeZone parameters in the "servetest" CGI page. An attacker with web interface access can inject arbitrary system...
Beward N100 IP Camera 安全漏洞
Beward N100 IP Camera is an open source camera from Beward, Russia. A security vulnerability exists in Beward N100 IP Camera version M2.1.6.04C014, which is caused by incorrect manipulation of the ServerName and TimeZone parameters in the servetest CGI page, resulting in a command injection attac...
CVE-2023-48978
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...
CVE-2023-48978
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...
CVE-2023-48978
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...
CVE-2023-48978
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...
CVE-2023-48978
CVE-2023-48978 affects NCR ITM Web terminal versions 4.4.0 and 4.4.4. The root cause is improper handling of specially crafted scripts by the IP camera URL component, enabling a remote attacker to execute arbitrary code. The CVSS-3.1 score is 9.8 (CRITICAL) with NETWORK attack vector, no privileg...
CVE-2023-48978
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...
PT-2025-26604 · Ncr · Ncr Itm Web Terminal
Name of the Vulnerable Software and Affected Versions: NCR ITM Web terminal versions 4.4.0 through 4.4.4 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. Recommendations: For versions 4.4.0 through 4.4.4, consider...
CVE-2024-47789
UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP...
CVE-2024-47790
UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol RTSP version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed...