Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
History

Tue, 24 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Dec 2024 05:30:00 +0000

Type Values Removed Values Added
Description Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Title Arbitrary File Overwrite
Weaknesses CWE-20
CWE-22
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Hanwha_Vision

Published: 2024-12-24T05:20:40.653Z

Updated: 2024-12-24T16:54:31.051Z

Reserved: 2024-07-23T00:24:03.861Z

Link: CVE-2024-41887

cve-icon Vulnrichment

Updated: 2024-12-24T16:48:49.722Z

cve-icon NVD

Status : Received

Published: 2024-12-24T06:15:34.473

Modified: 2024-12-24T06:15:34.473

Link: CVE-2024-41887

cve-icon Redhat

No data.