CVE-2024-41886

MEDIUM

NVR - RCE

Title source: llm

Description

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

References (1)

[Various Sources] https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf

Scores

CVSS v4 6.9

EPSS 0.0178

EPSS Percentile 82.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-755

Status published

Products (1)

Hanwha Vision Co., Ltd./XRN-420S 5.01.62 and prior versions

Published Dec 24, 2024

Tracked Since Feb 18, 2026