Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TVT NVMS-9000 < 1.3.4 Unauthenticated Administrative Queries & Information Disclosure
Vulnerability Description
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated remote attacker can invoke privileged administrative query commands without valid credentials. Successful exploitation discloses sensitive information including administrator usernames and passwords in cleartext, network and service configuration, and other device details via commands such as queryBasicCfg, queryUserList, queryEmailCfg, queryPPPoECfg, and queryFTPCfg.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
TVT NVMS-9000 安全漏洞
Vulnerability Description
TVT NVMS-9000是中国同为(TVT)公司的一款数字视频录像机。 TVT NVMS-9000 1.3.4之前版本存在安全漏洞,该漏洞源于NVMS-9000控制协议中存在认证绕过,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A