Shenzhen Tvt Digital Technology Co Ltd Nvms-9000 vulnerabilities
2 known vulnerabilities affecting shenzhen_tvt_digital_technology_co_ltd/nvms-9000.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-14007P1HIGHCVSS 8.7Exploitedfixed in 1.3.42025-11-24
CVE-2024-14007 [HIGH] CWE-306 CVE-2024-14007: Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated remote attacker can invoke privileged administrative
nvd
CVE-2018-25126P1CRITICALCVSS 9.3Exploitedfixed in mid-February firmware builds2025-11-24
CVE-2018-25126 [CRITICAL] CWE-78 CVE-2018-25126: Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor credential string and passes user-controlled fields into s
nvd