CVE-2024-41887
Severity: MEDIUM
Hanwha Vision XRN-420S < 5.01.62 - Remote Code Execution via NVR Log File Path Traversal
Title source: llm
Description
Team ENVY, a security research team, has found a flaw that allows remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in that directory. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.
References (1)
Core References
Various Sources vendor-advisory
https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf
Scores
CVSS v4: 5.1
EPSS: 0.0097
EPSS Percentile: 57.4%
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
Hanwha Vision Co., Ltd./XRN-420S: 5.01.62 and prior versions
Published: Dec 24, 2024
Tracked Since: Feb 18, 2026