Authentication Bypass Vulnerability in NVMS-9000 by Shenzhen TVT Digital Technology
CVE-2024-14007
Key Information:
- Status
- Vendor
- CVE Published:
- 24 November 2025
Badges
What is CVE-2024-14007?
The NVMS-9000 firmware from Shenzhen TVT Digital Technology, utilized in various DVR/NVR/IPC systems, is susceptible to an authentication bypass flaw. By delivering a specially crafted TCP payload to an exposed control port, an attacker without legitimate credentials can execute privileged administrative queries. This exploitation can lead to the exposure of sensitive information, such as cleartext admin usernames and passwords, alongside critical network and service configurations. Commands like queryBasicCfg, queryUserList, queryEmailCfg, and others can be leveraged to reveal essential device data, significantly compromising the security of the impacted systems.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
NVMS-9000 0 < 1.3.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved