cbcvebase.
CVE-2023-7227
published 2024-01-25

CVE-2023-7227: SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS)…

PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.28%
66.4th percentile
SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges.

Affected

6 ranges
VendorProductVersion rangeFixed in
systemk-corpnvr_504_firmware
systemk-corpnvr_508_firmware
systemk-corpnvr_516_firmware
systemknvr_504
systemknvr_508
systemknvr_516

Detection & IOCsextracted from sources · hover to see the quote

  • Command injection vulnerability is located in the DDNS (Dynamic Domain Name System) settings of the SystemK NVR web interface — focus network/web traffic monitoring and input validation on DDNS configuration endpoints
  • A public Proof of Concept (PoC) exists for this vulnerability, authored by Keniver Wang — monitor threat intel feeds and public repositories for PoC payloads targeting SystemK NVR DDNS settings
  • ·SystemK has not engaged with CISA to produce a patch — no vendor-supplied fix is available; network isolation is the primary recommended mitigation
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.