← Back

CVE-2025-34036

nvd nist
Published: Jun 24, 2025Modified: Nov 20, 2025

JSON object

Loading...
10.0
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.

Affected (30)

Tvt
30 products
Td 2108ts Cl Firmware
Td 2108ts Cl A Firmware
Td 2116ts Cl Firmware
Td 2104ts Hc Firmware
Td 2108ts Hc Firmware
Td 2116ts Hc Firmware
Td 2104ts Hp Firmware
Td 2108ts Hp Firmware
Td 2116te Hp Firmware
Td 2704ts Hc Firmware
Td 2708ts Hc Firmware
Td 2716te Hc Firmware
Td 2716te Hc A Firmware
Td 2716tc Hc Firmware
Td 2732tc Hc Firmware
Td 2716td Hc Firmware
Td 2732td Hc Firmware
Td 2704ts Hp Firmware
Td 2708ts Hp Firmware
Td 2708te Hp Firmware
Td 2716te Hp Firmware
Td 2716te Hp A Firmware
Td 2716tc Hp Firmware
Td 2708te Hk Firmware
Td 2932td Hp Firmware
Td 2004ts Cl Firmware
Td 2004ts Cl C Firmware
Td 2104ts Cl Firmware
Td 2104ts Cl A Firmware
Td 2008ts Cl Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2108ts Cl Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2108ts Cl
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2108ts Cl A Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2108ts Cl A
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2116ts Cl Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2116ts Cl
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2104ts Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2104ts Hc
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2108ts Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2108ts Hc
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2116ts Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2116ts Hc
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2104ts Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2104ts Hp
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2108ts Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2108ts Hp
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2116te Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2116te Hp
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2704ts Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2704ts Hc
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2708ts Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2708ts Hc
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2716te Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2716te Hc
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2716te Hc A Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2716te Hc A
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2716tc Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2716tc Hc
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2732tc Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2732tc Hc
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2716td Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2716td Hc
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2732td Hc Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2732td Hc
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2704ts Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2704ts Hp
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2708ts Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2708ts Hp
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2708te Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2708te Hp
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2716te Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2716te Hp
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2716te Hp A Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2716te Hp A
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2716tc Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2716tc Hp
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2708te Hk Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2708te Hk
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2932td Hp Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2932td Hp
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2004ts Cl Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2004ts Cl
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2004ts Cl C Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2004ts Cl C
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2104ts Cl Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2104ts Cl
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2104ts Cl A Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2104ts Cl A
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Td 2008ts Cl Firmware
All versions
Running on/withPlatform Versions
Tvt
Td 2008ts Cl
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.