Published: 06/02/2024 Updated: 13/02/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows malicious users to run arbitrary files by restoring a crafted backup file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ispyconnect agent dvr 5.1.6.0

CVE-2024-22514: Remote Code Execution in Agent DVR Information Description iSpyConnectcom Agent DVR 5160 contains a vulnerability which allows the file triggered by alert commands to be redirected The modification can allow the commands function to trigger any file on the system under the permissions context of the program (root by default) This is done by editing the EXE

CVE-2024-22515 arbitrary file upload and CVE-2024-22514 remote code execution for AgentDVR 5.1.6.0 (Authenticated)

AgentDVR-5160-File-Upload-and-Remote-Code-Execution CVE-2024-22515 arbitrary file upload and CVE-2024-22514 remote code execution for AgentDVR 5160 (Authenticated) (Older versions likely affected) githubcom/Orange-418/CVE-2024-22514-Remote-Code-Execution githubcom/Orange-418/CVE-2024-22515-File-Upload-Vulnerability wwwispyconnectcom/ ww

CWE-22 https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution https://nvd.nist.gov https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution

CVE-2024-22514

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect