- Description
- Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
- Source
- fc9afe74-3f80-4fb7-a313-e6f036a89882
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 5.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- fc9afe74-3f80-4fb7-a313-e6f036a89882
- CWE-547
- Hype score
- Not currently trending
CVE-2024-41885 Hardcoded Encryption Key Flaw Enables Remote Code Execution in NVR Security Research group, Team ENVY, discovered a flaw in the NVR. This flaw lets someone run code from a distance. The problem was... https://t.co/cf7ZDJLOWK
@VulmonFeeds
24 Dec 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-41885 Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manuf… https://t.co/kyTHyet5nF
@CVEnew
24 Dec 2024
407 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes