CVE-2023-7227 CRITICAL

CVE-2023-7227: Command Injection vulnerability in SystemK NVR 504/508/516

Vendor Systemk
Product NVR 504
Weakness CWE-77
Published January 25, 2024
Last update May 29, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior contain a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges.

Key dates

02 Disclosure timeline

January 25, 2024 CVE published
May 29, 2025 Record updated