Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dvr vulnerabilities and exploits
(subscribe to this query)
357
VMScore
CVE-2020-11680
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying t...
Castel Nextgen Dvr Firmware 1.0.0
384
VMScore
CVE-2020-11682
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all reque...
Castel Nextgen Dvr Firmware 1.0.0
357
VMScore
CVE-2020-11681
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.
Castel Nextgen Dvr Firmware 1.0.0
NA
CVE-2024-3721
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. Th...
755
VMScore
CVE-2014-4880
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote malicious users to execute arbitrary code via an RTSP PLAY request with a long Authorization header.
Hikvision Dvr Ds-7204 Firmware 2.2.10
1 EDB exploit
755
VMScore
CVE-2009-2306
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a file containing usernames and passwords via a direct request for dvr.ini.
Armassa Ard-9808 Software
Armassa Ard-9808
1 EDB exploit
384
VMScore
CVE-2018-11689
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Samsung Smartviewer -
Hanwha-security Hrd-1642 Firmware
Hanwha-security Hrd-842 Firmware
Hanwha-security Hrd-442 Firmware
Hanwha-security Hrd-1641 Firmware
Hanwha-security Hrd-841 Firmware
Hanwha-security Hrd-840 Firmware
Hanwha-security Hrd-440 Firmware
Hanwha-security Hrd-443 Firmware
Hanwha-security Srd-1694u Firmware
409
VMScore
CVE-2022-26259
A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows malicious users to cause a Denial of Service (DoS) via a crafted RSTP request...
Xiongmaitech Nbd80x16s-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Nbd80x09s-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Nbd80x08s-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Nbd80x09ra-kl Firmware 4.03.r11.nat.dss.onvifc.20210727
Xiongmaitech Ahb80x04r-mh Firmware 4.03.r11.nat.dss.onvifc.20210729
Xiongmaitech Ahb80x04r-mh-v2 Firmware 4.03.r11.nat.dss.onvifc.20210729
Xiongmaitech Ahb80x04-r-mh-v3 Firmware 4.03.r11.nat.dss.onvifc.20210729
Xiongmaitech Ahb80n16t-gs Firmware 4.03.r11.7601.nat.onvifc.20211223
Xiongmaitech Ahb80n32f4-lme Firmware 4.03.r11.7601.nat.onvifc.20211228
Xiongmaitech Nbd90s0vt-qw Firmware 4.03.r11.713g.nat.onvifc.2021
935
VMScore
CVE-2008-4547
Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote malicious users to execute arbitrary code via a long second argument to the TimeSpanFormat method.
Dvrstation Dvrstation Cms 1.0.1.25
1 EDB exploit
785
VMScore
CVE-2009-2305
The ARD-9808 DVR card security camera allows remote malicious users to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
Armassa Ard-9808 Software
Armassa Ard-9808
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »