Remote Command Injection in Vacron Network Video Recorder Devices
CVE-2025-34043

10CRITICAL

Key Information:

Vendor: Vacron
Status: Network Video Recorder (nvr)
Vendor: CVE Published:; 26 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34043?

A critical security flaw exists in Vacron Network Video Recorder devices v1.4 due to improper input sanitization within the board.cgi script. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the underlying operating system by sending specially crafted HTTP requests. The executed commands run with the privileges of the web server process, enabling attackers to achieve remote code execution, leading to potential full device compromise. Organizations using affected versions of Vacron NVR devices should implement mitigation measures immediately to safeguard against unauthorized access and control.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Network Video Recorder (NVR) 1.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34043 - Proof of Concept