13 matches found
CVE-2024-14007
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...
CVE-2018-25126
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
EUVD-2025-199000
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
CVE-2024-14007
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...
CVE-2024-14007
The CVE-2024-14007 entry documents an authentication bypass in Shenzhen TVT NVMS-9000 firmware prior to 1.3.4. An unauthenticated remote attacker can send a crafted TCP payload to the exposed NVMS-9000 control port to invoke privileged administrative queries (e.g., queryBasicCfg, queryUserList, q...
CVE-2024-14007 TVT NVMS-9000 < 1.3.4 Unauthenticated Administrative Queries & Information Disclosure
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...
CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
VulnCheck KEV: CVE-2024-14007
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...
TVT NVMS-9000 安全漏洞
The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...
PT-2025-47959
Name of the Vulnerable Software and Affected Versions Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware versions prior to 1.3.4 Description The NVMS-9000 firmware contains a flaw that allows unauthorized remote access. An attacker can send a specially crafted TCP payload to the NVMS-90...
TVT NVMS-9000 安全漏洞
The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 version prior to 1.3.4, which stems from an authentication bypass in the NVMS-9000 control protocol that could lead to the disclosure of sensitive information...
VulnCheck KEV: CVE-2018-25126
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...