Home
Description
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
PUBLISHED Reserved 2025-09-11 | Published 2025-09-12 | Updated 2025-09-29 | Assigner twcert
HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
References
www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html third-party-advisory
www.twcert.org.tw/en/cp-139-10376-a057c-2.html third-party-advisory
cve.org
(CVE-2025-10265)
nvd.nist.gov
(CVE-2025-10265)
Download JSON
