What the vulnerability does
01Description
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
CVSS base score
8.7/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
September 12, 2025
CVE published
September 29, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-40029 parseusbs < 1.9 Command Injection via Crafted LNK Filename
CVE-2024-54012 Command Injection
CVE-2021-28802 Command Injection Vulnerabilities in QTS and QuTS hero
CVE-2026-40088 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
CVE-2026-6155 Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection
