Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202509-00000009)
[Description]
[DIGIEVER Corporation | Network Surveillance Server - Exposure of Sensitive Information] (CVE-2025-10264, CVSS: 10.0) An unauthenticated remote attacker can access system configuration files and obtain plaintext usernames and passwords for the NVR and connected cameras.
[DIGIEVER Corporation | Network Surveillance Server - OS Command Injection] (CVE-2025-10265, CVSS: 8.8) An authenticated remote attacker can inject arbitrary operating system commands and execute them on the device.
[Affected Platforms]
● Affected NVR Series Models:
DS-1200
DS-2100 Pro
DS-2100 Pro+
DS-2100 UHD
DS-2200 UHD
DS-2200 UHD+
DS-4200 Pro
DS-4200 Pro+
DS-4200 UHD
DS-4200 UHD+
DS-4100-RM
DS-4200-RM Pro+
DS-4200-RM UHD
DS-8x00-RM Pro+
DS-8x00-SRM Pro+
DS-8x00-RM UHD
DS-16x00-RM Pro+
DS-16x00-RM UHD
● Affected Firmware Versions:
Versions prior to x.x.x.78
[Recommended Action]
Update the firmware to version x.x.x.79 or later.
[References]
1. DIGIEVER Corporation | Network Monitoring Server - 2 Vulnerabilities: https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html
[Security Vulnerability Alert] DIGIEVER Corporation | Network Monitoring Server - 2 Vulnerabilities Found
Type:行政公告
Pubish Date:2025/09/25 至 2026/03/25
Visitors:36
返回列表
