CVE-2021-41419

CRITICAL EXPLOITED NUCLEI

QVIS DVR and NVR Firmware < 2021-12-13 - Remote Code Execution via Java Deserialization

Title source: llm

CVE-2021-41419 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.

QVIS NVR/DVR - Remote Code Execution

CRITICALVERIFIEDby me9187

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

Exploit, Third Party Advisory x_refsource_misc

Third Party Advisory x_refsource_misc

CVSS v3 9.8

EPSS 0.0668

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

VulnCheck KEV 2026-02-01

CWE

CWE-502

Status published

Products (2)

qvis/dvr_firmware < 2021-12-13

qvis/nvr_firmware < 2021-12-13

Published Jul 18, 2022

Tracked Since Feb 18, 2026