QwikSec

Security Database

CVE

CWE

Training

CVE-2024-41882

Published: Dec 24, 2024

Modified: Oct 1, 2025

PUBLISHED

Description

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Vendor	Product	Versions
Hanwha Vision Co., Ltd.	XRN-420S	affected `5.01.62 and prior versions`

Weaknesses (CWE)

References

https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.