Dylan W. Como

**Name of the Vulnerable Software and Affected Versions** Agent DVR version 5.1.6.0 **Description** The issue allows attackers to upload arbitrary files via the `upload audio` component, potentially leading to unauthorized access or malicious activity. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Agent DVR version 5.1.6.0, consider restricting access to the upload audio component until a patch is available. As a temporary workaround, disabling the upload audio functionality can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Agent DVR version 5.1.6.0 **Description** The issue is related to the Backup/Restore function in Agent DVR software, which is used for video surveillance. It involves incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to execute arbitrary code and upload arbitrary files. The vulnerability can be exploited by restoring a crafted backup file, allowing attackers to run arbitrary files. **Recommendations** For Agent DVR version 5.1.6.0, consider disabling the Backup/Restore function until a patch is available to prevent exploitation. Restrict access to the Backup/Restore feature to minimize the risk of arbitrary file execution. Avoid using the Backup/Restore function with untrusted or unknown backup files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.