CVE-2024-14007 - Vulnerability Details

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated remote attacker can invoke privileged administrative query commands without valid credentials. Successful exploitation discloses sensitive information including administrator usernames and passwords in cleartext, network and service configuration, and other device details via commands such as queryBasicCfg, queryUserList, queryEmailCfg, queryPPPoECfg, and queryFTPCfg.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Tvt	Nvms-9000 Firmware

No data.

References

Link	Providers
https://ssd-disclosure.com/ssd-advisory-nvms9000-information-disclosure/
https://undercodetesting.com/eleven11-botnet-mirai-variant-targeting-nvms-9000-devices/
https://www.greynoise.io/blog/surge-exploitation-attempts-tvt-dvrs
https://www.vulncheck.com/advisories/tvt-nvms9000-unauthenticated-admin-queries-and-information-disclosure

History

Tue, 25 Nov 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tvt Tvt nvms-9000 Firmware
CPEs		cpe:2.3:o:tvt:nvms-9000_firmware:-:::::::*
Vendors & Products		Tvt Tvt nvms-9000 Firmware

Mon, 24 Nov 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 24 Nov 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated remote attacker can invoke privileged administrative query commands without valid credentials. Successful exploitation discloses sensitive information including administrator usernames and passwords in cleartext, network and service configuration, and other device details via commands such as queryBasicCfg, queryUserList, queryEmailCfg, queryPPPoECfg, and queryFTPCfg.
Title		TVT NVMS-9000 < 1.3.4 Unauthenticated Administrative Queries & Information Disclosure
Weaknesses		CWE-306
References		https://ssd-disclosure.com/ssd-advisory-nvms9000-information-disclosure/ https://undercodetesting.com/eleven11-botnet-mirai-variant-targeting-nvms-9000-devices/ https://www.greynoise.io/blog/surge-exploitation-attempts-tvt-dvrs https://www.vulncheck.com/advisories/tvt-nvms9000-unauthenticated-admin-queries-and-information-disclosure
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-11-24T20:31:02.227Z

Updated: 2025-11-25T13:07:25.360Z

Reserved: 2025-10-22T19:13:16.930Z

Link: CVE-2024-14007

Vulnrichment

Updated: 2025-11-24T21:04:50.411Z

NVD

Status : Awaiting Analysis

Published: 2025-11-24T21:16:01.640

Modified: 2025-11-25T22:16:16.690

Link: CVE-2024-14007

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object