CVE-2024-41929
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TAKENAKA ENGINEERING CO., LTD. | HDVR-400 | prior to 46110.1.100869.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | HDVR-800 | prior to 53210.1.900103.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | HDVR-1600 | prior to 53310.1.900111.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | AHD04T-A | prior to 7xx10.1.900055.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | AHD08T-A | prior to 7xx10.1.900055.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | AHD16T-A | prior to 7xx10.1.900055.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | NVR04T-A | prior to 56x10.1.100540.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | NVR08T-A | prior to 56x10.1.100540.65 | affected |
| TAKENAKA ENGINEERING CO., LTD. | NVR16T-A | prior to 49310.1.100540.65 | affected |
Weaknesses
- Improper authentication
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.