CVE-2024-41885

Published: Dic 24, 2024 Last Modified: Dic 24, 2024 EU-VD ID: EUVD-2024-38911

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,6

Source: fc9afe74-3f80-4fb7-a313-e6f036a89882

Attack Vector: local

Attack Complexity: high

Privileges Required: high

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0007

Percentile

0,2th

Updated

EPSS Score Trend (Last 90 Days)

547

Use of Hard-coded, Security-relevant Constants

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Varies By Context Quality Degradation Reduce Maintainability

Applicable Platforms

All platforms may be affected

View CWE Details

https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR…

https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Repor…

CVE-2024-41885

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Use of Hard-coded, Security-relevant Constants

Common Consequences

Applicable Platforms

Iscriviti alla newsletter