CVE-2024-14007
published 2025-11-24

CVE-2024-14007: Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an…

Priority: P1 · 87 · high · 8.7 (CVSS 4.0)
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.77% (50.9th percentile)
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated remote attacker can invoke privileged administrative query commands without valid credentials. Successful exploitation discloses sensitive information including administrator usernames and passwords in cleartext, network and service configuration, and other device details via commands such as queryBasicCfg, queryUserList, queryEmailCfg, queryPPPoECfg, and queryFTPCfg.

Affected

1 range
Vendor: shenzhen_tvt_digital_technology_co_ltd
Product: nvms-9000
Version range: < 1.3.4
Fixed in: 1.3.4

Detection & IOCs (extracted from sources)

command: queryBasicCfg
command: queryUserList
command: queryEmailCfg
command: queryPPPoECfg
command: queryFTPCfg
snort:
alert tcp any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Shenzhen TVT NVMS-9000 Information Disclosure Attempt (CVE-2024-14007)"; flow:established,to_server; content:"systemType|3d 22|NVMS-9000|22 20|clientType|3d 22|WEB|22 20|url|3d 22|query"; fast_pattern; reference:cve,2024-14007; reference:url,ssd-disclosure.com/ssd-advisory-nvms9000-information-disclosure/; classtype:attempted-admin; sid:2065916; rev:1; metadata:affected_product Shenzhen_Atemi, attack_target IoT, tls_state plaintext, created_at 2025_11_25, cve CVE_2024_14007, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
bytes:
systemType="NVMS-9000" clientType="WEB" url="query
  • Exploit traffic is plaintext TCP (tls_state plaintext); monitor inbound TCP connections to NVMS-9000 control ports for the payload pattern systemType="NVMS-9000" clientType="WEB" url="query without prior authentication.
  • A single crafted TCP payload is sufficient for exploitation — no multi-packet handshake or session required; single-packet detection rules are appropriate.
  • Successful exploitation will be followed by cleartext disclosure of admin credentials and configuration data in the TCP response; inspect response traffic for plaintext username/password fields.
  • Snort/Suricata SID 2065916 (ET rule) provides a high-confidence, low-performance-impact signature for perimeter and internal deployment.
  • The vulnerability affects firmware versions prior to 1.3.4 and impacts many white-labeled DVR/NVR/IPC products beyond the NVMS-9000 brand; asset inventory should account for OEM rebrands.
  • The NVMS-9000 control port must be exposed (internet-facing or network-accessible) for exploitation; restricting access to the control port at the perimeter eliminates remote attack surface.
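
The detection points above as an added Python example (not code from this page or its sources): it applies the byte pattern from the ET rule to captured client-to-server payloads, extracts the command, and ranks each hit by whether the command is one named in the CVE description and whether the source lies outside RFC 1918 space. The flow records, the placeholder port and the `queryExampleOnly` name are constructed for illustration.

```python
import ipaddress
import re

# Fixed string from the ET rule on this page (SID 2065916), extended with a
# capture group so the command name after url=" is reported too.
RULE = re.compile(rb'systemType="NVMS-9000" clientType="WEB" url="(query[A-Za-z0-9]*)')
# Commands the CVE description names as disclosing credentials or configuration.
NAMED = {"queryBasicCfg", "queryUserList", "queryEmailCfg", "queryPPPoECfg", "queryFTPCfg"}
# Assumption: RFC 1918 space is "internal"; adjust to the monitored network.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(payload: bytes):
    """Return the query command in one client-to-server payload, or None."""
    m = RULE.search(payload)
    return m.group(1).decode("ascii") if m else None


def triage(flows):
    """Map (src, dst, dport, payload) records to prioritised findings."""
    findings = []
    for src, dst, dport, payload in flows:
        cmd = classify(payload)  # each payload is judged alone: one is enough
        if cmd is None:
            continue
        addr = ipaddress.ip_address(src)
        external = not any(addr in net for net in INTERNAL)
        if cmd in NAMED:
            severity = "critical" if external else "high"
        else:
            severity = "medium"  # rule matched, command not in the CVE text
        findings.append({"src": src, "device": f"{dst}:{dport}", "command": cmd,
                         "external_source": external, "severity": severity})
    return findings


# Constructed records. PORT is a placeholder (the page gives no port number);
# "queryExampleOnly" is a made-up name; bytes around the match are filler.
PORT = 65000
HDR = b'systemType="NVMS-9000" clientType="WEB" url="'
SAMPLE = [
    ("203.0.113.7", "10.0.5.20", PORT, b"<filler>" + HDR + b'queryUserList"'),
    ("10.0.5.9", "10.0.5.20", PORT, b"<filler>" + HDR + b'queryFTPCfg"'),
    ("10.0.5.9", "10.0.5.20", PORT, b"<filler>" + HDR + b'queryExampleOnly"'),
    ("10.0.5.9", "10.0.5.20", PORT, b"GET / HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
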

CVSS provenance

nvd · v4.0 · 8.7 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck · 8.7 HIGH