CVE-2024-7339

Q: What is the severity of CVE-2024-7339?

CVE-2024-7339 has a CVSS score of 5.3 (MEDIUM). This vulnerability allows remote attackers to access sensitive device information via the /queryDevInfo endpoint on affected DVR systems. It affects TVT, Provision-ISR, and AVISION DVR models, potentially exposing configuration details, network settings, or other sensitive data to unauthorized parties.

5.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to access sensitive device information via the /queryDevInfo endpoint on affected DVR systems. It affects TVT, Provision-ISR, and AVISION DVR models, potentially exposing configuration details, network settings, or other sensitive data to unauthorized parties.

💻 Affected Systems

Products:

TVT DVR TD-2104TS-CL
TVT DVR TD-2108TS-HP
Provision-ISR DVR SH-4050A5-5L(MM)
AVISION DVR AV108T

Versions: All versions (specific version range not specified in CVE)

Operating Systems: Embedded DVR firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the /queryDevInfo endpoint specifically. Other DVR models from these vendors may also be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers obtain complete device configuration including passwords, network settings, and system information, enabling further attacks or device takeover.

🟠

Likely Case

Attackers gather sensitive information about device configuration and network topology, facilitating reconnaissance for subsequent attacks.

🟢

If Mitigated

Information exposure is limited to non-critical data due to network segmentation and access controls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit details exist, making internet-facing devices prime targets.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this for reconnaissance and lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available. Simple HTTP request to /queryDevInfo endpoint returns sensitive information without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider workarounds or replacement with supported devices.

🔧 Temporary Workarounds

Network Access Control

all

Restrict network access to DVR management interfaces using firewall rules

Endpoint Blocking

all

Block access to /queryDevInfo endpoint at web application firewall or reverse proxy

🧯 If You Can't Patch

Isolate affected DVRs in separate network segments with strict firewall rules
Implement network monitoring for unusual access patterns to /queryDevInfo endpoint

🔍 How to Verify

Check if Vulnerable:

Send HTTP GET request to http://[DVR_IP]/queryDevInfo and check if sensitive information is returned without authentication

Check Version:

Check device web interface or serial console for firmware version information

Verify Fix Applied:

After implementing workarounds, verify /queryDevInfo endpoint is inaccessible or returns appropriate access denied responses

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /queryDevInfo from unauthorized IPs
Unusual information disclosure in web server logs

Network Indicators:

HTTP GET requests to /queryDevInfo endpoint
Responses containing device configuration data

SIEM Query:

source_ip=* AND url_path="/queryDevInfo" AND response_size>1000

📊 Metadata

CVE ID: CVE-2024-7339

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-200

Published: August 1, 2024

Last Updated: December 20, 2024

🔗 References

https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.273262 Permissions Required,VDB Entry
https://vuldb.com/?id.273262 Permissions Required,VDB Entry
https://vuldb.com/?submit.379373 Third Party Advisory,VDB Entry

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Avision Av108t Firmware by Tvt

Avision Av108t Firmware by Tvt

Avision Av108t Firmware by Tvt

Avision Av108t Firmware by Tvt

Avision Av108t Firmware by Tvt

Avision Av108t Firmware by Tvt

Avision Av108t Firmware by Tvt

Sh 4050a5 5l\(mm\) Firmware by Provision Isr

Sh 4050a5 5l\(mm\) Firmware by Provision Isr

Sh 4050a5 5l\(mm\) Firmware by Provision Isr

Sh 4050a5 5l\(mm\) Firmware by Provision Isr

Sh 4050a5 5l\(mm\) Firmware by Provision Isr

Sh 4050a5 5l\(mm\) Firmware by Provision Isr

Sh 4050a5 5l\(mm\) Firmware by Provision Isr

Td 2104ts Cl Firmware by Tvt

Td 2104ts Cl Firmware by Tvt

Td 2104ts Cl Firmware by Tvt

Td 2104ts Cl Firmware by Tvt

Td 2104ts Cl Firmware by Tvt

Td 2104ts Cl Firmware by Tvt

Td 2104ts Cl Firmware by Tvt

Td 2108ts Hp Firmware by Tvt

Td 2108ts Hp Firmware by Tvt

Td 2108ts Hp Firmware by Tvt

Td 2108ts Hp Firmware by Tvt

Td 2108ts Hp Firmware by Tvt

Td 2108ts Hp Firmware by Tvt

Td 2108ts Hp Firmware by Tvt

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Access Control

Endpoint Blocking

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities