CVE-2025-36529
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TB-eye Ltd. | XRN-410SN/TE | firmware versions Ver2.47b_220119153805 and earlier | affected |
| TB-eye Ltd. | XRN-810SN/TE | firmware versions Ver2.47b_220119153805 and earlier | affected |
| TB-eye Ltd. | XRN-1610SN/TE | firmware versions Ver2.47b_210516234524 and earlier | affected |
| TB-eye Ltd. | PRN-4011N/TE | firmware versions Ver2.51p_231208081715 and earlier | affected |
| TB-eye Ltd. | HRX-421FN/TE | firmware versions Ver3.05.62 and earlier | affected |
| TB-eye Ltd. | HRX-821/TE | firmware versions Ver3.05.62 and earlier | affected |
| TB-eye Ltd. | HRX-1621/TE | firmware versions Ver3.05.62 and earlier | affected |
| TB-eye Ltd. | HRX-435FN/TE | firmware versions Ver5.31.72 and earlier | affected |
| TB-eye Ltd. | HRX-835/TE | firmware versions Ver5.31.72 and earlier | affected |
| TB-eye Ltd. | HRX-1635/TE | firmware versions Ver5.31.72 and earlier | affected |
| TB-eye Ltd. | XRN-425SFN/TE | firmware versions Ver5.31.32 and earlier | affected |
| TB-eye Ltd. | XRN-426S | firmware versions Ver5.33.12 and earlier | affected |
| TB-eye Ltd. | XRN-820S/TE | firmware versions Ver5.34.12 and earlier | affected |
| TB-eye Ltd. | XRN-1620S/TE | firmware versions Ver5.34.12 and earlier | affected |
| TB-eye Ltd. | XRN-3210R/TE | firmware versions Ver5.34.12 and earlier | affected |
| TB-eye Ltd. | XRN-6410R/TE | firmware versions Ver5.34.12 and earlier | affected |
| TB-eye Ltd. | XRN-6410DR/TE | firmware versions Ver5.34.12 and earlier | affected |
Weaknesses
- CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.