CVE-2023-7227

Summary

SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges.

Affected Software

VendorProductVersion RangeStatus
SystemKNVR 5042.3.5SK.30084998affected
SystemKNVR 5082.3.5SK.30084998affected
SystemKNVR 5162.3.5SK.30084998affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References