CVE-2021-41419
CRITICAL EXPLOITED NUCLEIQvis Dvr Firmware < 2021-12-13 - Insecure Deserialization
Title source: ruleDescription
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
Nuclei Templates (1)
QVIS NVR/DVR - Remote Code Execution
CRITICALVERIFIEDby me9187
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://twitter.com/Me9187/status/1414904314368348163
Exploit, Third Party Advisory x_refsource_misc
https://github.com/projectdiscovery/nuclei-templates/blob/master/iot/qvisdvr-deserialization-rce.yaml
Third Party Advisory x_refsource_misc
https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/712ac36c8a08e2698e875169442a23a4
Scores
CVSS v3
9.8
EPSS
0.7714
EPSS Percentile
99.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2026-02-01
CWE
CWE-502
Status
published
Products (2)
qvis/dvr_firmware
< 2021-12-13
qvis/nvr_firmware
< 2021-12-13
Published
Jul 18, 2022
Tracked Since
Feb 18, 2026