Vulmon
dvr vulnerabilities and exploits
6.5
CVSSv2
CVE-2020-11679
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by ...
Castel Nextgen Dvr Firmware 1.0.0
4
CVSSv2
CVE-2020-11680
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying t...
Castel Nextgen Dvr Firmware 1.0.0
4.3
CVSSv2
CVE-2020-11682
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing requests. A __RequestVerificationToken is set by the web interface, and included in requests sent by the web interface. However, this token is not verified by the application: the token can be removed from all reque...
Castel Nextgen Dvr Firmware 1.0.0
NA
CVE-2024-3721
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. Th...
7.5
CVSSv2
CVE-2014-4880
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote malicious users to execute arbitrary code via an RTSP PLAY request with a long Authorization header.
Hikvision Dvr Ds-7204 Firmware 2.2.10
1 EDB exploit
7.5
CVSSv2
CVE-2009-2306
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a file containing usernames and passwords via a direct request for dvr.ini.
Armassa Ard-9808 Software
Armassa Ard-9808
1 EDB exploit
4.6
CVSSv2
CVE-2022-26259
A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows malicious users to cause a Denial of Service (DoS) via a crafted RSTP request...
Xiongmaitech Nbd80x16s-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Nbd80x09s-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Nbd80x08s-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Nbd80x09ra-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Ahb80x04r-mh Firmware 4.03.r11.nat.dss.onvifc.20210729
Xiongmaitech Ahb80x04r-mh-v2 Firmware 4.03.r11.nat.dss.onvifc.20210729
Xiongmaitech Ahb80x04-r-mh-v3 Firmware 4.03.r11.nat.dss.onvifc.20210729
Xiongmaitech Ahb80n16t-gs Firmware 4.03.r11.7601.nat.onvifc.20211223
Xiongmaitech Ahb80n32f4-lme Firmware 4.03.r11.7601.nat.onvifc.20211228
Xiongmaitech Nbd90s0vt-qw Firmware 4.03.r11.713g.nat.onvifc.2021
4.3
CVSSv2
CVE-2018-11689
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Samsung Smartviewer -
Hanwha-security Hrd-1642 Firmware
Hanwha-security Hrd-842 Firmware
Hanwha-security Hrd-442 Firmware
Hanwha-security Hrd-1641 Firmware
Hanwha-security Hrd-841 Firmware
Hanwha-security Hrd-840 Firmware
Hanwha-security Hrd-440 Firmware
Hanwha-security Hrd-443 Firmware
Hanwha-security Srd-1694u Firmware
9.3
CVSSv2
CVE-2008-4547
Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote malicious users to execute arbitrary code via a long second argument to the TimeSpanFormat method.
Dvrstation Dvrstation Cms 1.0.1.25
1 EDB exploit
7.8
CVSSv2
CVE-2009-2305
The ARD-9808 DVR card security camera allows remote malicious users to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
Armassa Ard-9808 Software
Armassa Ard-9808
1 EDB exploit