Td 2932td Hp Firmware
1 CVEs
product
Monthly
White-labeled DVRs manufactured by TVT contain an unauthenticated OS command injection in the 'Cross Web Server' HTTP service on ports 81/82. The URI path handling for language extraction fails to sanitize input, enabling remote attackers to execute arbitrary commands on the surveillance DVR.
Command Injection
RCE
Authentication Bypass
Td 2932td Hp Firmware
Td 2108ts Cl Firmware
+28
NVD
Exploit-DB
CVSS 3.1
9.8
EPSS
10.9%
CVE-2025-34036
EPSS 11%
CVSS 9.8
CRITICAL
POC
THREAT
Emergency
White-labeled DVRs manufactured by TVT contain an unauthenticated OS command injection in the 'Cross Web Server' HTTP service on ports 81/82. The URI path handling for language extraction fails to sanitize input, enabling remote attackers to execute arbitrary commands on the surveillance DVR.
Command Injection
RCE
Authentication Bypass
+30
NVD
Exploit-DB