55 matches found
TVT NVMS 1000 - Local File Inclusion
TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. id: CVE-2019-20085 info: name: TVT NVMS 1000 - Local File Inclusion author: daffainfo severity: high description: | TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. impact: | An attacker can exploit this...
TVT DVR Sensitive Device - Information Disclosure
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. id: CVE-2024-7339...
CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal...
CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
TVT NVMS-9000 安全漏洞
The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...
TVT NVMS-9000 安全漏洞
The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 version prior to 1.3.4, which stems from an authentication bypass in the NVMS-9000 control protocol that could lead to the disclosure of sensitive information...
EUVD-2025-18965
Malicious code in bioql PyPI...
Exploit for Improper Input Validation in Tvt Td-2108Ts-Cl_Firmware
CVE-2025-34036 - TVT DVR Simulation This repository contains...
CVE-2025-34036
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34036
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34036
The CVE-2025-34036 issue affects white-labeled TVT DVRs’ Cross Web Server, a custom HTTP service listening on TCP ports 81/82. The web UI fails to sanitize the [lang] parameter in the /language/[lang]/index.html path, allowing unsafely used input in a tar extraction command to enable OS command i...
CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
TVT DVR 操作系统命令注入漏洞
TVT DVR is a video recorder from China-based Tongwei TVT. TVT DVR suffers from an OS command injection vulnerability, which stems from an un-cleaned language parameter in Cross Web Server that leads to an OS command injection attack...
PT-2025-26663
Name of the Vulnerable Software and Affected Versions: TVT DVR Cross Web Server affected versions not specified Description: An OS command injection issue exists in the custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in...
VulnCheck KEV: CVE-2025-34036
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When...
TVT NVMS-1000 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TVT NVMS-1000 Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability which exists in...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Provision-Isr Sh-4050A5-5L\(Mm\)_Firmware
CVE-2024-7339: Information Leak Vulnerability in DVR devices...
CVE-2024-7339
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...
CVE-2024-7339
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...