Home

Description

An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device.

PUBLISHED Reserved 2025-06-24 | Published 2025-06-27 | Updated 2025-06-30 | Assigner jpcert




HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

firmware versions Ver2.47b_220119153805 and earlier
affected

firmware versions Ver2.47b_220119153805 and earlier
affected

firmware versions Ver2.47b_210516234524 and earlier
affected

firmware versions Ver2.51p_231208081715 and earlier
affected

firmware versions Ver3.05.62 and earlier
affected

firmware versions Ver3.05.62 and earlier
affected

firmware versions Ver3.05.62 and earlier
affected

firmware versions Ver5.31.72 and earlier
affected

firmware versions Ver5.31.72 and earlier
affected

firmware versions Ver5.31.72 and earlier
affected

firmware versions Ver5.31.32 and earlier
affected

firmware versions Ver5.33.12 and earlier
affected

firmware versions Ver5.34.12 and earlier
affected

firmware versions Ver5.34.12 and earlier
affected

firmware versions Ver5.34.12 and earlier
affected

firmware versions Ver5.34.12 and earlier
affected

firmware versions Ver5.34.12 and earlier
affected

References

www.tbeye.com/topics/ahd/

jvn.jp/en/vu/JVNVU93396297/

cve.org (CVE-2025-36529)

nvd.nist.gov (CVE-2025-36529)

Download JSON