Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-7339

Опубликовано: 01 авг. 2024
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Высокий

Описание

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):*:*:*:*:*:*:*
cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):*:*:*:*:*:*:*
cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):*:*:*:*:*:*:*
cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):*:*:*:*:*:*:*
cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:h:provision-isr:sh-4050a5-5l\(mm\):-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:tvt:avision_av108t_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:tvt:avision_av108t_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:h:tvt:avision_av108t:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:tvt:td-2104ts-cl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:h:tvt:td-2104ts-cl:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:tvt:td-2108ts-hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):*:*:*:*:*:*:*
cpe:2.3:h:tvt:td-2108ts-hp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.89489
Высокий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-vcqx-95xm-6xh4

CVSS3: 5.3
github
больше 1 года назад

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

fstec логотип

BDU:2024-06307

CVSS3: 5.3
fstec
больше 1 года назад

Уязвимость программного обеспечения гибридных HD-видеорегистраторов TD-2104TS-CL, TD-2108TS-HP, TD-2116TE-HP, AV108T, SH-4050A5-5L(MM) и SH-8100A-2L(MM), связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 100%
0.89489
Высокий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200
NVD-CWE-noinfo