1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: SystemK
- Equipment: NVR 504/508/516
- Vulnerability: Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute commands with root privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of SystemK NVR, a network video recorder, are affected:
- NVR 504: 2.3.5SK.30084998
- NVR 508: 2.3.5SK.30084998
- NVR 516: 2.3.5SK.30084998
3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (‘COMMAND INJECTION’) CWE-77
SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges.
CVE-2023-7227 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Japan
3.4 RESEARCHER
CISA discovered a public Proof of Concept (PoC) as authored by Keniver Wang.
4. MITIGATIONS
SystemK has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of SystemK NVR products are invited to contact This article has been indexed from All CISA Advisories