Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2025/06/24 1:0 a.m.21 views

CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection

An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...

10CVSS0.26421EPSS
Exploits2References3
CVE
CVE
added 2025/06/24 1:0 a.m.61 views

CVE-2025-34036

The CVE-2025-34036 issue affects white-labeled TVT DVRs’ Cross Web Server, a custom HTTP service listening on TCP ports 81/82. The web UI fails to sanitize the [lang] parameter in the /language/[lang]/index.html path, allowing unsafely used input in a tar extraction command to enable OS command i...

10CVSS7.7AI score0.26421EPSS
In wildExploits2References3Affected Software1
seebug.org
seebug.org
added 2018/04/11 12:0 a.m.3319 views

Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE

Subject: Shenzhen TVT Digital Technology Co. Ltd & OEM DVR/NVR/IPC API RCE Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Python PoC: https://github.com/mcw0/PoC/blob/master/TVT-PoC.py Release date: April 9,...

Exploits0
CERT
CERT
added 2013/10/25 12:0 a.m.92 views

TVT TD-2308SS-B DVR contains a directory traversal vulnerability

Overview TVT TD-2308SS-B DVR and possibly other models contain a directory traversal vulnerability CWE-22. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' TVT TD-2308SS-B DVR and possibly other models running firmware version 3.2.0.P-3520A-00 conta...

7.8CVSS6.6AI score0.10223EPSS
Exploits6References3
Rows per page
Query Builder