Description
An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device.
References (2)
Core 2
Core References
Various Sources
https://www.tbeye.com/topics/ahd/
Third Party Advisory
https://jvn.jp/en/vu/JVNVU93396297/
Scores
CVSS v3
7.2
EPSS
0.0119
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (17)
TB-eye Ltd./HRX-1621/TE
firmware versions Ver3.05.62 and earlier
TB-eye Ltd./HRX-1635/TE
firmware versions Ver5.31.72 and earlier
TB-eye Ltd./HRX-421FN/TE
firmware versions Ver3.05.62 and earlier
TB-eye Ltd./HRX-435FN/TE
firmware versions Ver5.31.72 and earlier
TB-eye Ltd./HRX-821/TE
firmware versions Ver3.05.62 and earlier
TB-eye Ltd./HRX-835/TE
firmware versions Ver5.31.72 and earlier
TB-eye Ltd./PRN-4011N/TE
firmware versions Ver2.51p_231208081715 and earlier
TB-eye Ltd./XRN-1610SN/TE
firmware versions Ver2.47b_210516234524 and earlier
TB-eye Ltd./XRN-1620S/TE
firmware versions Ver5.34.12 and earlier
TB-eye Ltd./XRN-3210R/TE
firmware versions Ver5.34.12 and earlier
... and 7 more
Published
Jun 27, 2025
Tracked Since
Feb 18, 2026