Introduction

We have been conducting vulnerability analysis on NVR over the past three months.

We analyzed vulnerabilities in Hikvision, Dahua, VendorV, and Synology, identifying weaknesses within OEM products associated with Hikvision and Dahua.

This document explains what we did and describes the entire methodology from firmware acquisition to vulnerability analysis.

Some content has been kept confidential in accordance with the vulnerability disclosure policy and the vendor's request.

For any inquiries, please contact us at nvr.bob12@gmail.com.

Released Vulnerabilities

Vendor	CVE ID	CVSS	Reference
Hikvision	CVE-2023-28812	9.1	NVD
Hikvision	CVE-2023-28813	8.1	NVD
Hikvision	CVE-2024-29947	2.7	NVD
Hikvision	CVE-2024-29948	3.8	NVD
Hikvision	CVE-2024-29949	7.2	NVD
Synology	CVE-2024-29228	7.7	NVD
Synology	CVE-2024-29229	7.7	NVD
Synology	CVE-2024-29241	9.9	NVD
Synology	CVE-2024-29227	5.4	NVD
Synology	CVE-2024-29230	5.4	NVD
Synology	CVE-2024-29231	5.4	NVD
Synology	CVE-2024-29232	5.4	NVD
Synology	CVE-2024-29233	5.4	NVD
Synology	CVE-2024-29234	5.4	NVD
Synology	CVE-2024-29235	5.4	NVD
Synology	CVE-2024-29236	5.4	NVD
Synology	CVE-2024-29237	5.4	NVD
Synology	CVE-2024-29238	5.4	NVD
Synology	CVE-2024-29239	5.4	NVD
Synology	CVE-2024-29240	4.3	NVD