cbcvebase.
CVE-2024-7339
published 2024-08-01

CVE-2024-7339: A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as…

PriorityP275medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
32.03%
98.1th percentile
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected

48 ranges· showing 25
VendorProductVersion rangeFixed in
provision-isrsh-4050a5-5l_firmware
provision-isrsh-4050a5-5l_firmware
provision-isrsh-4050a5-5l_firmware
provision-isrsh-4050a5-5l_firmware
provision-isrsh-4050a5-5l_firmware
provision-isrsh-4050a5-5l_firmware
tvtavision_av108t_firmware
tvtavision_av108t_firmware
tvtavision_av108t_firmware
tvtavision_av108t_firmware
tvtavision_av108t_firmware
tvtavision_av108t_firmware
tvtavision_dvr_av108t
tvtavision_dvr_av108t
tvtavision_dvr_av108t
tvtavision_dvr_av108t
tvtavision_dvr_av108t
tvtavision_dvr_av108t
tvtdvr_td-2104ts-cl
tvtdvr_td-2104ts-cl
tvtdvr_td-2104ts-cl
tvtdvr_td-2104ts-cl
tvtdvr_td-2104ts-cl
tvtdvr_td-2104ts-cl
tvtdvr_td-2108ts-hp

Detection & IOCsextracted from sources · hover to see the quote

path/queryDevInfo
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS TVT queryDevInfo Information Disclosure (CVE-2024-7339)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:13; content:"/queryDevInfo"; fast_pattern; http.request_body; content:"systemType|3d 22|NVMS9000|22|"; content:"clientType|3d 22|WEB|22|"; reference:url,netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d; reference:cve,2024-7339; classtype:web-application-attack; sid:2065208; rev:1; metadata:affected_product DVR, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_10_15, cve CVE_2024_7339, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_10_15, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
bytes
systemType|3d 22|NVMS9000|22|
bytes
clientType|3d 22|WEB|22|
  • Detect unauthenticated POST requests to /queryDevInfo with no request body — the exploit requires no authentication or body content to trigger information disclosure.
  • Responses containing both 'softwareVersion' and 'eth0' strings indicate successful exploitation and device information disclosure.
  • The Snort/ET rule matches on HTTP POST to URI of exactly 13 bytes (/queryDevInfo) with request body containing systemType=NVMS9000 and clientType=WEB (URL-encoded as |3d 22|).
  • Traffic is expected in plaintext (no TLS); deploy detection at perimeter and internal network boundaries.
  • ·The exploit requires no authentication and no request body — a bare POST to /queryDevInfo is sufficient to trigger the vulnerability, making it trivially exploitable remotely.
  • ·EPSS score of 0.89706 (99.565th percentile) indicates extremely high probability of exploitation in the wild; prioritize detection and patching accordingly.
  • ·Affected devices include TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM), and AVISION DVR AV108T — vendor did not respond to disclosure.

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck6.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.