CVE-2020-3924
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.
MISC: https://tvn.twcert.org.tw/taiwanvn/TVN-201910004
MISC: https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3924
published: 26. 2. 2020
