
CVE-2024-7339: Provision-ISR SH-4050A5-5L Information Disclosure

CVE-2024-7339 is an information disclosure vulnerability in Provision-ISR DVR SH-4050A5-5L firmware affecting the /queryDevInfo file. This article covers the technical details, affected firmware versions, security impact, and mitigation.

CVE-2024-7339 Overview

CVE-2024-7339 is an information disclosure vulnerability affecting multiple Digital Video Recorder (DVR) devices from TVT, Provision-ISR, and AVISION. The vulnerability exists in the /queryDevInfo endpoint, which can be accessed remotely without authentication, allowing attackers to obtain sensitive device information. This flaw has been publicly disclosed and exploit code is available, increasing the risk of widespread exploitation against exposed devices.

Critical Impact

Unauthenticated remote attackers can extract sensitive device configuration and system information from vulnerable DVR devices, potentially enabling further targeted attacks against surveillance infrastructure.

Affected Products

  • TVT DVR TD-2104TS-CL (all firmware versions including 1.3.3.x and 1.3.4.x)
  • TVT DVR TD-2108TS-HP (all firmware versions including 1.3.3.x and 1.3.4.x)
  • Provision-ISR DVR SH-4050A5-5L(MM) (all firmware versions including 1.3.3.x and 1.3.4.x)
  • AVISION DVR AV108T (all firmware versions including 1.3.3.x and 1.3.4.x)

Discovery Timeline

  • August 1, 2024 - CVE-2024-7339 published to NVD
  • December 20, 2024 - Last updated in NVD database

Technical Details for CVE-2024-7339

Vulnerability Analysis

This vulnerability is classified as an Information Disclosure flaw (CWE-200) that resides in the web interface of affected DVR devices. The /queryDevInfo endpoint fails to implement proper access controls, allowing any remote attacker to query sensitive device information without requiring authentication. These DVR devices are commonly deployed for physical security surveillance, making unauthorized information disclosure particularly concerning as it could facilitate reconnaissance for physical security breaches or network intrusion.

The vulnerability can be exploited remotely over the network with no user interaction required and low attack complexity. An attacker simply needs network access to the vulnerable device's web interface to retrieve confidential device data.

Root Cause

The root cause of CVE-2024-7339 is the lack of authentication and authorization controls on the /queryDevInfo endpoint. The web server handling requests to this endpoint does not verify whether the requester has valid credentials or appropriate permissions before returning device information. This design flaw allows any network-accessible client to retrieve potentially sensitive data about the DVR system.

Attack Vector

The attack vector for this vulnerability is network-based and requires no authentication. An attacker can exploit this vulnerability by:

  1. Identifying a vulnerable DVR device exposed on the network (either internally or internet-facing)
  2. Sending an HTTP request to the /queryDevInfo endpoint
  3. Receiving sensitive device information in the response without any authentication challenge

The exploit has been publicly disclosed, and according to the NetSecFish Information Disclosure Report, detailed technical information about the vulnerability is available. Attackers with network access can directly query the vulnerable endpoint to extract device configuration data, firmware versions, and other system information that could be leveraged for further attacks.

Detection Methods for CVE-2024-7339

Indicators of Compromise

  • HTTP requests targeting the /queryDevInfo endpoint on DVR web interfaces
  • Unusual access patterns to DVR device web interfaces from unexpected IP addresses
  • Network traffic analysis showing successful responses from /queryDevInfo without preceding authentication attempts
  • Increased reconnaissance activity against network segments hosting surveillance equipment

Detection Strategies

  • Monitor web server logs on DVR devices for requests to /queryDevInfo from unauthorized sources
  • Implement network intrusion detection rules to alert on access attempts to the vulnerable endpoint
  • Deploy network traffic analysis to identify scanning activity targeting DVR devices on common ports (80, 8080, 443)
  • Create firewall rules with logging enabled to track external access attempts to DVR web interfaces

Monitoring Recommendations

  • Conduct regular asset inventory to identify all DVR devices on the network and their exposure level
  • Monitor for mass scanning attempts targeting the /queryDevInfo endpoint across device populations
  • Implement SIEM rules to correlate DVR access attempts with known malicious IP addresses
  • Perform periodic vulnerability scans to identify exposed DVR devices and verify access controls
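The log checks listed under Indicators of Compromise, Detection Strategies and Monitoring Recommendations can be combined in one pass over access logs. The following is an added example, not code from the advisory or any vendor: it assumes a reverse proxy or sensor in front of the DVRs writes one line per request in the layout shown in the comment, and the allowlist, threshold, host names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

ENDPOINT = "/queryDevInfo"
# Assumption: only this management workstation may reach the DVR web UI.
ALLOWED = [ipaddress.ip_network("192.168.1.100/32")]
SCAN_THRESHOLD = 3  # distinct DVRs probed by one source (assumed value)

# Assumed layout: <dvr> <src> - <user> [<time>] "<method> <path> <proto>" <status> <bytes>
LINE = re.compile(
    r'^(?P<dvr>\S+) (?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
dvr-01 192.168.1.100 - admin [01/Aug/2024:10:00:01 +0000] "POST /queryDevInfo HTTP/1.1" 200 512
dvr-01 203.0.113.7 - - [01/Aug/2024:10:02:11 +0000] "POST /queryDevInfo HTTP/1.1" 200 512
dvr-02 203.0.113.7 - - [01/Aug/2024:10:02:12 +0000] "POST /queryDevInfo HTTP/1.1" 200 512
dvr-03 203.0.113.7 - - [01/Aug/2024:10:02:13 +0000] "GET /queryDevInfo?x=1 HTTP/1.1" 401 0
dvr-02 198.51.100.9 - - [01/Aug/2024:11:15:40 +0000] "GET /index.html HTTP/1.1" 200 2048
this line is malformed and must be skipped
"""

def analyze(log_text):
    """Return (alerts, scanners) for requests to the /queryDevInfo endpoint."""
    alerts, targets = [], defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["path"].split("?", 1)[0].rstrip("/") != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not an IP address
        if any(src in net for net in ALLOWED):
            continue  # trusted management source
        targets[m["src"]].add(m["dvr"])
        # A 200 with no authenticated user means device data was returned.
        disclosed = m["status"] == "200" and m["user"] == "-"
        alerts.append((m["src"], m["dvr"], "DISCLOSED" if disclosed else "PROBE"))
    scanners = sorted(s for s, d in targets.items() if len(d) >= SCAN_THRESHOLD)
    return alerts, scanners

if __name__ == "__main__":
    found, scanners = analyze(SAMPLE_LOG)
    for src, dvr, kind in found:
        print(f"{kind:9} src={src} dvr={dvr}")
    print("mass-scan sources:", scanners)
```

DISCLOSED entries identify devices whose information should be treated as known to the requesting source; PROBE entries show the endpoint was requested but the proxy did not return a 200.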

How to Mitigate CVE-2024-7339

Immediate Actions Required

  • Immediately restrict network access to affected DVR devices using firewall rules or network segmentation
  • Disable or block external/internet access to DVR web interfaces
  • Place vulnerable devices behind a VPN or other secure remote access solution
  • Audit existing DVR deployments to identify all affected device models and firmware versions
  • Monitor network traffic for exploitation attempts targeting the /queryDevInfo endpoint

Patch Information

At the time of publication, the vendors (TVT, Provision-ISR, and AVISION) have not responded to disclosure attempts and no official patches are available. Organizations should prioritize network-level mitigations and access controls until vendor patches are released. Refer to VulDB #273262 Advisory for updates on patch availability.

Workarounds

  • Implement strict network segmentation to isolate DVR devices from general network traffic
  • Configure firewall rules to allow only trusted management IP addresses to access DVR web interfaces
  • Deploy a reverse proxy with authentication in front of DVR web interfaces if remote access is required
  • Consider replacing affected devices with alternatives that have better security support and timely patch availability
  • Disable the web interface entirely if not required for operational needs

```bash
# Example firewall rules to restrict DVR access (iptables)
# INPUT filters traffic addressed to the host running iptables; on a gateway
# in front of the DVR, apply equivalent rules in the FORWARD chain.

# Block all external access to DVR web interface
iptables -A INPUT -p tcp --dport 80 ! -s 192.168.1.0/24 -j DROP
iptables -A INPUT -p tcp --dport 8080 ! -s 192.168.1.0/24 -j DROP

# Allow only specific management workstation
iptables -A INPUT -p tcp --dport 80 -s 192.168.1.100 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
