PT-2024-1439 · Unknown · Systemk Nvr

Published 2024-01-25 · Updated 2024-01-31 · CVE-2023-7227

CVSS v2.0

10 Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SystemK NVR versions 2.3.5SK.30084998 and prior

Description

The issue is a command injection vulnerability in the dynamic domain name system (DDNS) settings. It could allow an attacker to execute arbitrary commands with root privileges. The vulnerability stems from a lack of input sanitization at the management level and can be exploited by a remote attacker.

Recommendations

For versions 2.3.5SK.30084998 and prior, consider disabling the DDNS settings as a temporary workaround until a patch is available. Restrict access to the DDNS configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-00923
CVE-2023-7227

Affected Products

Systemk Nvr