Industrial Video & Control Longwatch Unauthenticated Remote Code Execution Vulnerability

Vulnerability

A code injection vulnerability has been identified in Industrial Video & Control Longwatch devices, specifically in versions 6.309 to 6.334. This vulnerability allows unauthenticated HTTP GET requests to execute arbitrary code through an exposed endpoint. The issue arises from a lack of code signing and execution controls, with exploitation leading to SYSTEM-level privileges.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution with elevated privileges on the affected Longwatch device.

Remediation

Users running Longwatch versions 6.309 to 6.334 should upgrade to version 6.335 or later. For more details, consult the Longwatch Security Bulletin available on the Industrial Video & Control website.

Added: Dec 2, 2025, 8:19 PM
Updated: Dec 2, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.