CVE-2024-7339

Public Exploit

TVT DVR TD-2104TS-CL queryDevInfo information disclosure

Description

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Link	Tags
https://vuldb.com/?id.273262	vdb entry permissions required
https://vuldb.com/?ctiid.273262	signature vdb entry permissions required
https://vuldb.com/?submit.379373	third party advisory vdb entry
https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4	third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2024-7339?: CVE-2024-7339 has been scored as a medium severity vulnerability.
How to fix CVE-2024-7339?: To fix CVE-2024-7339, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-7339 being actively exploited in the wild?: It is possible that CVE-2024-7339 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~81% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7339?: CVE-2024-7339 affects TVT DVR TD-2104TS-CL, TVT DVR TD-2108TS-HP, TVT Provision-ISR DVR SH-4050A5-5L(MM), TVT AVISION DVR AV108T.

Description

Category

CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor

References

Frequently Asked Questions