VYPR
Vendor: Tvt

Products: 7
CVEs: 13
Across products: 16
Status: Private

Recent CVEs (13)
  • CVE-2019-20085 | High | KEV | Dec 30, 2019
    risk 0.71 | cvss 7.5 | epss 0.96

    TVT NVMS-1000 devices allow GET /.. Directory Traversal

  • CVE-2025-34036 | Critical | Jun 24, 2025
    risk 0.66 | cvss 9.8 | epss 0.25

    An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction…

  • CVE-2025-34054 | Critical | Jul 1, 2025
    risk 0.65 | cvss | epss 0.03

    An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as…

  • CVE-2023-6095 | High | Apr 26, 2024
    risk 0.58 | cvss 8.9 | epss 0.01

    Vladimir Kononovich, a security researcher, has found a flaw that allows remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please…

  • CVE-2023-6096 | High | Apr 26, 2024
    risk 0.48 | cvss 7.4 | epss 0.00

    Vladimir Kononovich, a security researcher, has found a flaw that uses inappropriate encryption logic on the DVR. Firmware encryption is broken and allows decryption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for…

  • CVE-2025-34053 | Medium | Jul 1, 2025
    risk 0.45 | cvss | epss 0.01

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.

  • CVE-2025-34051 | Medium | Jul 1, 2025
    risk 0.45 | cvss | epss 0.01

    A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make…

  • CVE-2024-7339 | Medium | Aug 1, 2024
    risk 0.37 | cvss 5.3 | epss 0.32

    A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure.…

  • CVE-2025-34050 | Medium | Jul 1, 2025
    risk 0.33 | cvss | epss 0.00

    A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the…

  • CVE-2013-6023 | Nov 2, 2013
    risk 0.04 | cvss | epss 0.10

    Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.

  • CVE-2025-66174 | Dec 19, 2025
    risk 0.00 | cvss | epss 0.00

    There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series…

  • CVE-2025-66173 | Dec 19, 2025
    risk 0.00 | cvss | epss 0.00

    There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to…

  • CVE-2025-63408 | Nov 18, 2025
    risk 0.00 | cvss | epss 0.00

    Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side request forgery (SSRF), or execute OS commands.