Back to KEVs

CVE-2024-7339

TVT DVR TD-2104TS-CL queryDevInfo information disclosure

Basic Information

CVE State
PUBLISHED
Reserved Date
July 31, 2024
Published Date
August 01, 2024
Last Updated
August 07, 2024
Vendor
TVT
Product
DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM), AVISION DVR AV108T
Description
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /queryDevInfo. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Tags
nuclei_scanner

CVSS Scores

CVSS v4.0

6.9 - MEDIUM

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS v3.1

5.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v3.0

5.3 - MEDIUM

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
partial

Exploit Status

Proof of Concept Available
Yes (added 2024-08-05 16:26:18 UTC) Source

References

https://vuldb.com/?id.273262 https://vuldb.com/?ctiid.273262 https://vuldb.com/?submit.379373 https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-08-15 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7339.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

RevoltSecurities/CVE-2024-7339

Type: github • Created: 2024-08-05 16:26:18 UTC • Stars: 18

An Vulnerability detection and Exploitation tool for CVE-2024-7339

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel