TVN ID | TVN-201910004 |
---|---|
CVE ID | CVE-2020-3924 |
CVSS | 6.8 (Medium) CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H |
Affected Products | TONNET DVR prior to ver. 20191216 in TAT-76 series TONNET DVR prior to ver. 20200213 in TAT-77 series |
Description | DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. |
Solution | Update to ver. 20191216 in TAT-76 series Update to ver. 20200213 in TAT-77 series |
Credit | Weber Tsai (CHT Security) |
Public Date | 2020-02-21 |