CVE-2024-7339

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4	Exploit Third Party Advisory
https://vuldb.com/?ctiid.273262	Permissions Required VDB Entry
https://vuldb.com/?id.273262	Permissions Required VDB Entry
https://vuldb.com/?submit.379373	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:-:::::::*
	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::*
	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::*
	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::*
	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::*
	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::*
	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::*

cpe:2.3:h:provision-isr:sh-4050a5-5l\(mm\):-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:tvt:avision_av108t_firmware:-:::::::*
	cpe:2.3:o:tvt:avision_av108t_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::*
	cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::*
	cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::*
	cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::*
	cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::*
	cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::*

cpe:2.3:h:tvt:avision_av108t:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:tvt:td-2104ts-cl_firmware:-:::::::*
	cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::*
	cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::*
	cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::*
	cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::*
	cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::*
	cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::*

cpe:2.3:h:tvt:td-2104ts-cl:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:tvt:td-2108ts-hp_firmware:-:::::::*
	cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::*
	cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::*
	cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::*
	cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::*
	cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::*
	cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::*

cpe:2.3:h:tvt:td-2108ts-hp:-:*:*:*:*:*:*:*

History

20 Dec 2024, 17:37

Type	Values Removed	Values Added
CPE	cpe:2.3:h:tvt:td-2108ts-hp:::::::: cpe:2.3:o:artion-sec:dvr_firmware:-:::::::* cpe:2.3:o:tvt:dvr_firmware:-:::::::* cpe:2.3:h:artion-sec:av108t:::::::: cpe:2.3:o:provision-isr:dvr_firmware:-:::::::* cpe:2.3:h:provision-isr:sh-4050a5-5l\(mm\):::::::: cpe:2.3:h:tvt:td-2104ts-cl::::::::	cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::* cpe:2.3:h:tvt:td-2108ts-hp:-:::::::* cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::* cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::* cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::* cpe:2.3:o:tvt:avision_av108t_firmware:-:::::::* cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::* cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::* cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::* cpe:2.3:o:tvt:avision_av108t_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::* cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::* cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::* cpe:2.3:o:tvt:td-2108ts-hp_firmware:-:::::::* cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::* cpe:2.3:o:tvt:td-2104ts-cl_firmware:-:::::::* cpe:2.3:h:tvt:avision_av108t:-:::::::* cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.3.20657b180918.d06.u2\(4a41t\):::::::* cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::* cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::* cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::* cpe:2.3:h:tvt:td-2104ts-cl:-:::::::* cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::* cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d00.u1\(4a21s\):::::::* cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.24513b190218.d00.u1\(8a21s\):::::::* cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:-:::::::* cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::* cpe:2.3:o:tvt:td-2108ts-hp_firmware:1.3.4.24879b190222.d00.u2\(8a21s\):::::::* cpe:2.3:o:tvt:td-2104ts-cl_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::* cpe:2.3:h:provision-isr:sh-4050a5-5l\(mm\):-:::::::* cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::* cpe:2.3:o:tvt:avision_av108t_firmware:1.3.4.22966b181219.d14.u1\(8a41t\):::::::* cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:1.3.4.22966b181219.d44.u1\(16a82t\):::::::*
First Time		Provision-isr sh-4050a5-5l\(mm\) Firmware Tvt td-2108ts-hp Firmware Tvt td-2104ts-cl Firmware Tvt avision Av108t Firmware Tvt avision Av108t

23 Aug 2024, 16:53

Type	Values Removed	Values Added
References	~~() https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4 -~~	() https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4 - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.273262 -~~	() https://vuldb.com/?ctiid.273262 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.273262 -~~	() https://vuldb.com/?id.273262 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?submit.379373 -~~	() https://vuldb.com/?submit.379373 - Third Party Advisory, VDB Entry
CWE		NVD-CWE-noinfo
First Time		Provision-isr sh-4050a5-5l\(mm\) Tvt td-2104ts-cl Provision-isr dvr Firmware Tvt Artion-sec av108t Artion-sec dvr Firmware Artion-sec Tvt dvr Firmware Tvt td-2108ts-hp Provision-isr
CPE		cpe:2.3:h:tvt:td-2108ts-hp:::::::: cpe:2.3:h:artion-sec:av108t:::::::: cpe:2.3:o:provision-isr:dvr_firmware:-:::::::* cpe:2.3:o:artion-sec:dvr_firmware:-:::::::* cpe:2.3:h:tvt:td-2104ts-cl:::::::: cpe:2.3:o:tvt:dvr_firmware:-:::::::* cpe:2.3:h:provision-isr:sh-4050a5-5l\(mm\)::::::::

01 Aug 2024, 12:42

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad en TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) y AVISION DVR AV108T y se ha clasificado como problemática. Esta vulnerabilidad afecta a código desconocido del archivo /queryDevInfo. La manipulación conduce a la divulgación de información. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-273262 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.

01 Aug 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-01 04:15

Updated : 2024-12-20 17:37

NVD link : CVE-2024-7339

Mitre link : CVE-2024-7339

CVE.ORG link : CVE-2024-7339

JSON object : View

Products Affected

tvt

avision_av108t
td-2108ts-hp_firmware
td-2104ts-cl
avision_av108t_firmware
td-2108ts-hp
td-2104ts-cl_firmware

provision-isr

sh-4050a5-5l\(mm\)
sh-4050a5-5l\(mm\)_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2024-7339

5.3^/10

5.0^/10

Attach tags to `CVE-2024-7339`