CNNVD-202511-2612 Information
CNNVD ID
CNNVD-202511-2612
Related CVE
- CNNVD Published: 2025-11-24
Description (Chinese)
TVT NVMS-9000是中国同为(TVT)公司的一款数字视频录像机。 TVT NVMS-9000 1.3.4之前版本存在安全漏洞,该漏洞源于包含硬编码API凭据和配置服务中存在OS命令注入缺陷,可能导致任意命令执行。
Description (English)
TVT NVMS-9000 is a digital video recorder of the same Chinese company (TVT). There was a security loophole in the previous version of TVT NVMS-90000 1.3.4, which arose out of the OS-injected defects in the API-encoded and configured services, which could lead to arbitrary enforcement.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
同为
Published
2025-11-24
Last Modified
2026-02-24
References
https://github.com/mcw0/PoC/blob/master/TVT_and_OEM_IPC_NVR_DVR_RCE_Backdoor_and_Information_Disclosure.txt https://www.vulncheck.com/advisories/tvt-nvms9000-hardcoded-api-credentials-and-command-injection https://blogs.juniper.net/en-us/threat-research/iot-botnet-exploiting-tvt-shenzhen-dvrs-still-lingers http://en.tvt.net.cn:80/news/227.html https://web.archive.org/web/20180614014914/ https://qkl.seebug.org/vuldb/ssvid-97217 https://access.redhat.com/security/cve/cve-2018-25126