CVE-2024-41887
Dec. 24, 2024, 6:15 a.m.
Tags
Product(s) Impacted
NVR
Description
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Weaknesses
CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE ID: 20Date
Published: Dec. 24, 2024, 6:15 a.m.
Last Modified: Dec. 24, 2024, 6:15 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
fc9afe74-3f80-4fb7-a313-e6f036a89882