TEAM.ENVY
  • Introduction
  • About us
  • Hikvision
    • CVE-2023-28812
    • CVE-2023-28813
  • Methodology
    • Firmware Extraction Methodology
    • Embedded File System Analysis Methodology
  • Hikvsion Report
    • File System Analysis Report
    • Analysis Environment Build report
    • Binary Analysis Report
  • Dahua
    • File System Analysis Report
    • Analysis Environment Build Report
    • Binary Analysis Report
  • VendorV
    • File System Analysis Report
    • Binary Analysis Report
  • Synology
    • Binary Analysis Report
Powered by GitBook
On this page

Introduction

We have been conducting vulnerability analysis on NVR over the past three months.

We analyzed vulnerabilities in Hikvision, Dahua, VendorV, and Synology, identifying weaknesses within OEM products associated with Hikvision and Dahua.

This document explains what we did and describes the entire methodology from firmware acquisition to vulnerability analysis.

Some content has been kept confidential in accordance with the vulnerability disclosure policy and the vendor's request.

For any inquiries, please contact us at nvr.bob12@gmail.com.

Released Vulnerabilities

Vendor
CVE ID
CVSS
Reference

Hikvision

CVE-2023-28812

9.1

Hikvision

CVE-2023-28813

8.1

Hikvision

CVE-2024-29947

2.7

Hikvision

CVE-2024-29948

3.8

Hikvision

CVE-2024-29949

7.2

Synology

CVE-2024-29228

7.7

Synology

CVE-2024-29229

7.7

Synology

CVE-2024-29241

9.9

Synology

CVE-2024-29227

5.4

Synology

CVE-2024-29230

5.4

Synology

CVE-2024-29231

5.4

Synology

CVE-2024-29232

5.4

Synology

CVE-2024-29233

5.4

Synology

CVE-2024-29234

5.4

Synology

CVE-2024-29235

5.4

Synology

CVE-2024-29236

5.4

Synology

CVE-2024-29237

5.4

Synology

CVE-2024-29238

5.4

Synology

CVE-2024-29239

5.4

Synology

CVE-2024-29240

4.3

NextAbout us

Last updated 10 months ago

NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD
NVD