Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-47001

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-18 Sep, 2024 | 06:08
Updated At-18 Sep, 2024 | 15:23
Rejected At-
Credits

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:18 Sep, 2024 | 06:08
Updated At:18 Sep, 2024 | 15:23
Rejected At:
▼CVE Numbering Authority (CNA)

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Affected Products
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
HDVR-400
Versions
Affected
  • prior to 46110.1.100869.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
HDVR-800
Versions
Affected
  • prior to 53210.1.900103.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
HDVR-1600
Versions
Affected
  • prior to 53310.1.900111.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
AHD04T-A
Versions
Affected
  • prior to 7xx10.1.900055.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
AHD08T-A
Versions
Affected
  • prior to 7xx10.1.900055.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
AHD16T-A
Versions
Affected
  • prior to 7xx10.1.900055.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
NVR04T-A
Versions
Affected
  • prior to 56x10.1.100540.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
NVR08T-A
Versions
Affected
  • prior to 56x10.1.100540.65
Vendor
TAKENAKA ENGINEERING CO., LTD.
Product
NVR16T-A
Versions
Affected
  • prior to 49310.1.100540.65
Problem Types
TypeCWE IDDescription
textN/AHidden functionality
Type: text
CWE ID: N/A
Description: Hidden functionality
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.takex-eng.co.jp/ja/news/news.php?s=68
N/A
https://jvn.jp/en/vu/JVNVU90142679/
N/A
Hyperlink: https://www.takex-eng.co.jp/ja/news/news.php?s=68
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU90142679/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
takenaka_engineering
Product
hdvr-400_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:hdvr-400_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 46110.1.100869.65 (custom)
Vendor
takenaka_engineering
Product
hdvr-800_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:hdvr-800_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 53210.1.900103.65 (custom)
Vendor
takenaka_engineering
Product
hdvr-1600_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:hdvr-1600_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 53310.1.900111.65 (custom)
Vendor
takenaka_engineering
Product
ahd04t-a_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:ahd04t-a_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 7xx10.1.900055.65 (custom)
Vendor
takenaka_engineering
Product
ahd08t-a_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:ahd08t-a_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 7xx10.1.900055.65 (custom)
Vendor
takenaka_engineering
Product
ahd16t-a_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:ahd16t-a_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 7xx10.1.900055.65 (custom)
Vendor
takenaka_engineering
Product
nvr04t-a_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:nvr04t-a_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 56x10.1.100540.65 (custom)
Vendor
takenaka_engineering
Product
nvr08t-a_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:nvr08t-a_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 56x10.1.100540.65 (custom)
Vendor
takenaka_engineering
Product
nvr16t-a_firmware
CPEs
  • cpe:2.3:o:takenaka_engineering:nvr16t-a_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 49310.1.100540.65 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-912CWE-912 Hidden Functionality
Type: CWE
CWE ID: CWE-912
Description: CWE-912 Hidden Functionality
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:18 Sep, 2024 | 07:15
Updated At:20 Sep, 2024 | 12:30

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-912Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-912
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/vu/JVNVU90142679/vultures@jpcert.or.jp
N/A
https://www.takex-eng.co.jp/ja/news/news.php?s=68vultures@jpcert.or.jp
N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU90142679/
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://www.takex-eng.co.jp/ja/news/news.php?s=68
Source: vultures@jpcert.or.jp
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2024-43778
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.33% / 79.14%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 06:14
Updated-20 Sep, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Action-Not Available
Vendor-TAKENAKA ENGINEERING CO., LTD.takenaka_engineering
Product-AHD04T-AAHD16T-AHDVR-400AHD08T-AHDVR-800NVR04T-ANVR16T-AHDVR-1600NVR08T-Aahd16t-a_firmwarehdvr-800_firmwarehdvr-1600_firmwarenvr16t-a_firmwarehdvr-400_firmwarenvr04t-a_firmwareahd08t-a_firmwarenvr08t-a_firmwareahd04t-a_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-41929
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.67%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 06:07
Updated-20 Sep, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Action-Not Available
Vendor-TAKENAKA ENGINEERING CO., LTD.takenaka_engineering
Product-AHD04T-AAHD16T-AHDVR-400AHD08T-AHDVR-800NVR04T-ANVR16T-AHDVR-1600NVR08T-Aahd16t-a_firmwarehdvr-800_firmwarehdvr-1600_firmwarenvr16t-a_firmwarehdvr-400_firmwarenvr04t-a_firmwareahd08t-a_firmwarenvr08t-a_firmwareahd04t-a_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2022-38452
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.94%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 17:41
Updated-26 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbs750_firmwarerbs750Orbi Router RBR750
CWE ID-CWE-912
Hidden Functionality
CVE-2023-40158
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.79%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 02:51
Updated-11 Oct, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

Action-Not Available
Vendor-cbcCBC Co.,Ltd.cbc
Product-nr-16f82-16p_firmwaredr-4h_firmwaredr-4hnr8-4m71nr-16mdrh8-4m41-anr-16f82-16pdr-16f42adr-8m52-av_firmwaredr-4m51-av_firmwarenr-16f85-8pranr4h_firmwaredrh8-4m41-a_firmwaredr-8f42anr8-4m71_firmwarenr16hnr8-8m72dr-16h_firmwaredr-8f45at_firmwarenr-16m_firmwaredr-4fx1_firmwaredr-16hdr-16f45atnr-8fdr-4fx1nr4hnr-16f85-8pra_firmwaredr-4m51-avnr-8f_firmwaredr-16f42a_firmwaredr-16m52_firmwarenr8-8m72_firmwaredr-8hnr16h_firmwaredr-16m52dr-8m52-avdr-8f42a_firmwaredr-16f45at_firmwarenr-4f_firmwaredr-16m52-avdr-8h_firmwarenr-4fnr8hnr8h_firmwaredr-8f45atdr-16m52-av_firmwareNR-4F, NR-8F, NR-16F seriesDR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 seriesNR4H, NR8H, NR16H seriesDR-16M, DR-8M, DR-4M51 seriesNR-4M, NR-8M, NR-16M seriesnr-8fnr4hnr-8mdr-4m41dr-4hdr-8fnr-16mdr-4m51nr-4mdr-8hdr-16fnr-16fdr-8mdr-16mnr16hdr-4fnr-4fnr8hdr-16h
CWE ID-CWE-912
Hidden Functionality
Details not found