Description
An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device.
Reserved 2025-06-24 | Published 2025-06-27 | Updated 2025-06-27 | Assigner
jpcertHIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Problem types
Improper neutralization of special elements used in an OS command ('OS Command Injection')
Product status
firmware versions Ver2.47b_220119153805 and earlier
affected
firmware versions Ver2.47b_220119153805 and earlier
affected
firmware versions Ver2.47b_210516234524 and earlier
affected
firmware versions Ver2.51p_231208081715 and earlier
affected
firmware versions Ver3.05.62 and earlier
affected
firmware versions Ver3.05.62 and earlier
affected
firmware versions Ver3.05.62 and earlier
affected
firmware versions Ver5.31.72 and earlier
affected
firmware versions Ver5.31.72 and earlier
affected
firmware versions Ver5.31.72 and earlier
affected
firmware versions Ver5.31.32 and earlier
affected
firmware versions Ver5.33.12 and earlier
affected
firmware versions Ver5.34.12 and earlier
affected
firmware versions Ver5.34.12 and earlier
affected
firmware versions Ver5.34.12 and earlier
affected
firmware versions Ver5.34.12 and earlier
affected
firmware versions Ver5.34.12 and earlier
affected
References
www.tbeye.com/topics/ahd/
jvn.jp/en/vu/JVNVU93396297/
cve.org (CVE-2025-36529)
nvd.nist.gov (CVE-2025-36529)
Download JSON
