Vulnerability detail
Enriched intelligence for a single CVE
Medium
CVE-2024-3721
PUBLISHEDTBK DVR-4104/DVR-4216 os command injection
- Vendor
- TBK
- Product
- DVR-4104, DVR-4216
- Published
- Apr 13, 2024
- EPSS
- —
Description
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. Eine kritische Schwachstelle wurde in TBK DVR-4104 and DVR-4216 bis 20240412 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. Mittels dem Manipulieren des Arguments mdb/mdc mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2025-04-22 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- poc
- Automatable
- No
- Technical impact
- partial
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) | Apr 28, 2025 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel