Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures
a photo with the front facing camera, exposing visual information about
the deployment environment.
Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be
retrieved without authentication, revealing sensitive operational
imagery.
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted
archives to be accepted, enabling attackers to plant and execute code
and obtain a reverse shell.
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug
configuration details (e.g., SSH/RTTY status), assisting attackers in
reconnaissance against the device.
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The
device unpacks and executes a script resulting in unauthenticated remote
code execution.
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal
to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized
SSH access when combined with debu
Anviz CX7 Firmware is
vulnerable because the application embeds reusable certificate/key
material, enabling decryption of MQTT traffic and potential interaction
with device messaging channels at sc
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access.
A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The mani
Anviz CX2 Lite is vulnerable to an authenticated command injection via a
filename parameter that enables arbitrary command execution (e.g.,
starting telnetd), resulting in root‑level access.
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling
on‑path attackers to sniff credentials and session data, which can be
used to compromise the device.
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information discl
Access control vulnerability in the camera framework module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status infor
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection.
During the initialization process, a user has
Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality.
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
Page 1+ Next →