CVE-2024-41883

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

CVSS

No CVSS.

References

Link	Resource
https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Team ENVY, un equipo de investigación de seguridad, ha encontrado una falla que permite la ejecución remota de código en el NVR. Un atacante ingresa un valor especial para un parámetro de URL específico, lo que genera una referencia de puntero NULL y un reinicio del NVR. El fabricante ha publicado un parche de firmware para la falla; consulte el informe del fabricante para obtener detalles y workarounds.

24 Dec 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-24 06:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-41883

Mitre link : CVE-2024-41883

CVE.ORG link : CVE-2024-41883

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-41883", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-24T06:15:33.943", "references": [{"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf", "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the \n\nNVR\n\n.\u00a0An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."}, {"lang": "es", "value": "Team ENVY, un equipo de investigaci\u00f3n de seguridad, ha encontrado una falla que permite la ejecuci\u00f3n remota de c\u00f3digo en el NVR. Un atacante ingresa un valor especial para un par\u00e1metro de URL espec\u00edfico, lo que genera una referencia de puntero NULL y un reinicio del NVR. El fabricante ha publicado un parche de firmware para la falla; consulte el informe del fabricante para obtener detalles y workarounds."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "fc9afe74-3f80-4fb7-a313-e6f036a89882"}