CVE-2023-42425 in Video Turing Edge+ EVC5FD
Summary
by MITRE • 10/31/2023
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/02/2026
The vulnerability identified as CVE-2023-42425 affects the Turing Video Turing Edge+ EVC5FD device running firmware version 1.38.6 and represents a critical security flaw in the cloud connection components of this video surveillance system. This device is designed for edge computing applications in video surveillance environments, where it processes and transmits video data to cloud services for storage and analysis. The vulnerability manifests within the communication protocols used to establish and maintain connections with cloud services, creating an attack surface that remote adversaries can exploit to gain unauthorized access to the device's operational capabilities.
The technical implementation of this flaw involves insufficient input validation and authentication mechanisms within the cloud connectivity modules of the device. Attackers can leverage this vulnerability to execute arbitrary code on the affected system, effectively gaining full control over the device's operations. This includes the ability to manipulate video streams, access stored data, modify system configurations, and potentially use the compromised device as a pivot point for further attacks within the local network. The vulnerability stems from inadequate sanitization of data received through cloud connection interfaces, allowing malicious inputs to be processed without proper validation checks that would normally prevent code execution or data leakage.
The operational impact of this vulnerability extends beyond simple device compromise, as it enables attackers to access sensitive information stored on or processed by the device. This includes video footage, user credentials, system configurations, and potentially network topology information that could be used for further attacks. The remote exploitation capability means that adversaries do not require physical access to the device, significantly expanding the attack surface and making the vulnerability particularly dangerous in deployed surveillance networks. Organizations using these devices face risks including unauthorized surveillance, data breaches, and potential use of compromised devices for malicious activities such as distributed denial-of-service attacks or as part of botnet operations.
Security mitigation strategies should focus on immediate firmware updates provided by the vendor to address the specific validation and authentication flaws within the cloud connection components. Network segmentation and access controls should be implemented to limit the exposure of these devices to untrusted networks, while monitoring systems should be deployed to detect anomalous behavior indicative of exploitation attempts. The vulnerability aligns with CWE-79 (Cross-site Scripting) and CWE-94 (Code Injection) categories, representing a code execution flaw that could be classified under the ATT&CK technique T1059.007 (Command and Scripting Interpreter: PowerShell) when exploited through cloud interfaces. Organizations should also implement network traffic analysis to identify potential exploitation attempts and maintain detailed logs of cloud connectivity activities for forensic analysis purposes.