CVE-2024-22515

HIGH

iSpyConnect.com Agent DVR <5.1.6.0 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-22515. PoCs published by Orange-418.

AI-analyzed exploit summary This repository provides a detailed technical writeup for CVE-2024-22515 and CVE-2024-22514, explaining how arbitrary file upload and remote code execution can be achieved in AgentDVR 5.1.6.0 through manual exploitation steps. It includes a simple reverse shell payload but does not contain automated exploit code.

Description

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.

Exploits (2)

nomisec WRITEUP 4 stars
by Orange-418 · poc
https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution

This repository provides a detailed technical writeup for CVE-2024-22515 and CVE-2024-22514, explaining how arbitrary file upload and remote code execution can be achieved in AgentDVR 5.1.6.0 through manual exploitation steps. It includes a simple reverse shell payload but does not contain automated exploit code.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: AgentDVR 5.1.6.0
Auth required
Prerequisites: Valid credentials for AgentDVR server · Access to the dashboard to configure dummy device and actions
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SUSPICIOUS
by Orange-418 · poc
https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability

The repository lacks actual exploit code and instead redirects users to an external GitHub repository for the PoC. The README provides minimal technical details about the vulnerability, focusing more on references and external links.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Agent DVR 5.1.6.0
Auth required
Prerequisites: Authenticated access to the Agent DVR application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0120
EPSS Percentile 64.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
ispyconnect/agent_dvr 5.1.6.0
Published Feb 06, 2024
Tracked Since Feb 18, 2026