CVE-2024-41887 Arbitrary File Overwrite

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the...

PT-2024-29616 · Nvr · Nvr

Name of the Vulnerable Software and Affected Versions: NVR affected versions not specified Description: A security research team, Team ENVY, has discovered a flaw that allows for remote code execution on the NVR. The issue stems from a hardcoded seed string for the encryption key. The manufacture...

PT-2024-29615 · Nvr · Nvr

Name of the Vulnerable Software and Affected Versions: NVR affected versions not specified Description: A flaw has been found that allows for remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur, causing the NVR...

CVE-2023-5038

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...

CVE-2023-5038 Unauthenticated DoS

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...

CVE-2023-5038 Unauthenticated DoS

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...

CVE-2023-5038

CVE-2023-5038 affects Hanwha Vision cameras. An unauthenticated DoS condition exists where a crafted URL can render the web management page unavailable, forcing manual restart or power cycle of the device. The description states a patch firmware has been released by the manufacturer to address th...

CVE-2023-6095

Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the...

CVE-2023-6116

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report...

CVE-2023-6116 Remote Code Execution without authentication using stack overflow

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report...

CVE-2023-6116

Hanwha Vision NVR/DVR remote code execution (CVE-2023-6116) arises from a flaw that allows arbitrary code execution by injecting code into HTTP request parameters. The vulnerability affects Hanwha Vision network video recorders (NVRs) and digital video recorders (DVRs) where the base address of s...

CVE-2023-6116 Remote Code Execution without authentication using stack overflow

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report...

CVE-2023-6096

CVE-2023-6096 affects Hanwha Vision NVR/DVR firmware. The root cause is an inappropriate/encryption logic in the device firmware, which leads to broken encryption and allows decryption of stored or transmitted data. The vulnerability is characterized by potential impacts on confidentiality, integ...

CVE-2023-6096 using a inappropriate encryption logic

Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

CVE-2023-6095

CVE-2023-6095 refers to a remote code execution vulnerability in Hanwha Vision NVR/DVR devices. The flaw allows an attacker to inject malicious HTTP headers into request packets to execute arbitrary code on the device; exploitation details and the specific vulnerable component are not fully enume...

CVE-2023-6095 Remote Code Execution without authentication using memory overflow

Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the...

PT-2024-13932 · Camera · Camera

Name of the Vulnerable Software and Affected Versions: Camera affected versions not specified Description: A flaw has been discovered that allows for an unauthenticated Denial of Service DoS attack on the camera. By running a crafted URL, an attacker can prevent access to the web management page ...

CVE-2023-5037

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for...

Cross-Process Information Leak

Bulletin ID: AMD-SB-7008 Potential Impact: Information disclosure Severity: Medium Summary Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which...

Ubiquiti Inc.: Readonly to Root Privilege Escalation on EdgeSwitch

An authenticated read-only user can execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for these vulnerabilities were included in the...