Vulnerability Description
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tvt | Td-2108Ts-Cl Firmware | - |
| Tvt | Td-2108Ts-Cl | - |
| Tvt | Td-2108Ts-Cl-A Firmware | - |
| Tvt | Td-2108Ts-Cl-A | - |
| Tvt | Td-2116Ts-Cl Firmware | - |
| Tvt | Td-2116Ts-Cl | - |
| Tvt | Td-2104Ts-Hc Firmware | - |
| Tvt | Td-2104Ts-Hc | - |
| Tvt | Td-2108Ts-Hc Firmware | - |
| Tvt | Td-2108Ts-Hc | - |
| Tvt | Td-2116Ts-Hc Firmware | - |
| Tvt | Td-2116Ts-Hc | - |
| Tvt | Td-2104Ts-Hp Firmware | - |
| Tvt | Td-2104Ts-Hp | - |
| Tvt | Td-2108Ts-Hp Firmware | - |
| Tvt | Td-2108Ts-Hp | - |
| Tvt | Td-2116Te-Hp Firmware | - |
| Tvt | Td-2116Te-Hp | - |
| Tvt | Td-2704Ts-Hc Firmware | - |
| Tvt | Td-2704Ts-Hc | - |
Related Weaknesses (CWE)
References
- https://vulncheck.com/advisories/shenzhen-tvt-cctv-dvr-command-injectionThird Party Advisory
- https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/reExploitThird Party Advisory
- https://www.exploit-db.com/exploits/39596ExploitThird Party Advisory
- https://web.archive.org/web/20160322204109/http://www.kerneronsec.com/2016/02/reExploitThird Party Advisory
FAQ
What is CVE-2025-34036?
CVE-2025-34036 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface...
How severe is CVE-2025-34036?
CVE-2025-34036 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-34036?
Check the references section above for vendor advisories and patch information. Affected products include: Tvt Td-2108Ts-Cl Firmware, Tvt Td-2108Ts-Cl, Tvt Td-2108Ts-Cl-A Firmware, Tvt Td-2108Ts-Cl-A, Tvt Td-2116Ts-Cl Firmware.