CVE-2024-22514

Name of the Vulnerable Software and Affected Versions Agent DVR version 5.1.6.0

Description The issue is related to the Backup/Restore function in Agent DVR software, which is used for video surveillance. It involves incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to execute arbitrary code and upload arbitrary files. The vulnerability can be exploited by restoring a crafted backup file, allowing attackers to run arbitrary files.

Recommendations For Agent DVR version 5.1.6.0, consider disabling the Backup/Restore function until a patch is available to prevent exploitation. Restrict access to the Backup/Restore feature to minimize the risk of arbitrary file execution. Avoid using the Backup/Restore function with untrusted or unknown backup files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.