CVE-2025-41418

Summary

Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.

Affected Software

VendorProductVersion RangeStatus
TB-eye Ltd.XRN-410SN/TEfirmware versions Ver2.47b_220119153805 and earlieraffected
TB-eye Ltd.XRN-810SN/TEfirmware versions Ver2.47b_220119153805 and earlieraffected
TB-eye Ltd.XRN-1610SN/TEfirmware versions Ver2.47b_210516234524 and earlieraffected
TB-eye Ltd.PRN-4011N/TEfirmware versions Ver2.51p_231208081715 and earlieraffected
TB-eye Ltd.HRX-421FN/TEfirmware versions Ver3.05.62 and earlieraffected
TB-eye Ltd.HRX-821/TEfirmware versions Ver3.05.62 and earlieraffected
TB-eye Ltd.HRX-1621/TEfirmware versions Ver3.05.62 and earlieraffected
TB-eye Ltd.HRX-435FN/TEfirmware versions Ver5.31.72 and earlieraffected
TB-eye Ltd.HRX-835/TEfirmware versions Ver5.31.72 and earlieraffected
TB-eye Ltd.HRX-1635/TEfirmware versions Ver5.31.72 and earlieraffected
TB-eye Ltd.XRN-425SFN/TEfirmware versions Ver5.31.32 and earlieraffected
TB-eye Ltd.XRN-426Sfirmware versions Ver5.33.12 and earlieraffected
TB-eye Ltd.XRN-820S/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-1620S/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-3210R/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-6410R/TEfirmware versions Ver5.34.12 and earlieraffected
TB-eye Ltd.XRN-6410DR/TEfirmware versions Ver5.34.12 and earlieraffected

Weaknesses

  • CWE-120: Buffer overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References