CVE-2025-36529

Summary

An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device.

Affected Software

VendorProductVersion RangeStatus
TB-eye Ltd.XRN-410SN/TEfirmware versions Ver2.47b_220119153805 and earlieraffected
TB-eye Ltd.XRN-810SN/TEfirmware versions Ver2.47b_220119153805 and earlieraffected
TB-eye Ltd.XRN-1610SN/TEfirmware versions Ver2.47b_210516234524 and earlieraffected
TB-eye Ltd.PRN-4011N/TEfirmware versions Ver2.51p_231208081715 and earlieraffected
TB-eye Ltd.HRX-421FN/TEfirmware versions Ver3.05.62 and earlieraffected
TB-eye Ltd.HRX-821/TEfirmware versions Ver3.05.62 and earlieraffected
TB-eye Ltd.HRX-1621/TEfirmware versions Ver3.05.62 and earlieraffected
TB-eye Ltd.HRX-435FN/TEfirmware versions Ver5.31.72 and earlieraffected
TB-eye Ltd.HRX-835/TEfirmware versions Ver5.31.72 and earlieraffected
TB-eye Ltd.HRX-1635/TEfirmware versions Ver5.31.72 and earlieraffected
TB-eye Ltd.XRN-425SFN/TEfirmware versions Ver5.31.32 and earlieraffected
TB-eye Ltd.XRN-426Sfirmware versions Ver5.33.12 and earlieraffected
TB-eye Ltd.XRN-820S/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-1620S/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-3210R/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-6410R/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-6410DR/TEfirmware versions Ver5.34.12 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References