CVE-2025-34043
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-12-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote command injection flaw in Vacron Network Video Recorder (NVR) devices version 1.4 and below. It occurs because the board.cgi script does not properly sanitize user input, specifically the 'cmd' parameter. This allows unauthenticated attackers to send crafted HTTP requests that execute arbitrary operating system commands on the device with the privileges of the web server process, leading to remote code execution and potential full device compromise. [1, 2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability allows attackers to remotely execute arbitrary commands on affected Vacron NVR devices without any authentication or user interaction. This can lead to full compromise of the device, unauthorized access to sensitive information, disruption of device functionality, and potentially using the device as a foothold for further attacks within the network. The vulnerability has been actively exploited in the wild, including by the IoT Reaper botnet. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted HTTP requests to the /board.cgi endpoint with the 'cmd' parameter to execute commands remotely. For example, commands such as 'ifconfig', 'cat /etc/passwd', or 'ls ../../../' can be tested via crafted URLs to check for command injection. Additionally, Nessus detects this vulnerability by attempting to read the contents of the /proc/cpuinfo file on the device. Therefore, scanning with Nessus Plugin ID 104124 is recommended for detection. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Since no patch or official fix is currently available, immediate mitigation steps include preventing exposure of affected Vacron NVR devices to the internet and isolating them within secure local networks. Restrict access to the devices to trusted users only and monitor network traffic for suspicious HTTP requests targeting the /board.cgi endpoint. Consider disabling or restricting access to the vulnerable board.cgi script if possible. [2, 3]