MidnightBSD

Advisories for xiongmaitech

CVE-2017-16725 HIGH

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xiongmaitech ipg-53h13pe-wp_firmware -
xiongmaitech ahb7008f2-h_firmware 4.02.r11.3070
xiongmaitech ahb7032f4-lm-v2_firmware 4.02.r11.7601
xiongmaitech ahb7008f8-h_firmware 4.02.r11.3070
xiongmaitech ahb7016t-gs-v3_firmware 4.02.r11.7601
xiongmaitech ahb7008t4-h-v2_firmware 4.02.r11.7601
xiongmaitech ipg-53h20pl-b_firmware -
xiongmaitech ipg-50h10pe-sl_firmware -
xiongmaitech ipg-53h20py-s_firmware -
xiongmaitech ahb7016t-mh-v3_firmware 4.02.r11.7601
xiongmaitech ipg-50x10pe-s_firmware -
xiongmaitech ahb7016t4-mh-v2_firmware 4.02.r11.7601
xiongmaitech ahb7032f2-gs-v3_firmware 4.02.r11.7601
xiongmaitech ipm-50h10pe-wr_firmware -
xiongmaitech ipg-53h13pe-s_firmware -
xiongmaitech ahb7016t4-gs-v3_firmware 4.02.r11.7601
xiongmaitech ipg-53hv13pa-a_firmware -
xiongmaitech ipm-53h13pe-wrm_firmware -
xiongmaitech ipm-50v10pl-wrc_firmware -
xiongmaitech ipg-83h50p-b_firmware -
xiongmaitech ipg-53h13pls-s_firmware -
xiongmaitech ipg-53h20pl-s_firmware -
xiongmaitech ipg-83h20pa-s_firmware -
xiongmaitech ipg-50h10pe-wk-2f_firmware -
xiongmaitech ipg-50hv20pet-a_firmware -
xiongmaitech ipg-83h40pl-b_firmware -
xiongmaitech ipg-hp500nr-s_firmware -
xiongmaitech ahb7808r-ms-v3_firmware 4.02.r11.nat.onvifc.20170327
xiongmaitech ipg-83h40af_firmware -
xiongmaitech ipg-50x10pt-s_firmware -
xiongmaitech ahb7004t-gl-v4_firmware 4.02.r11.7601
xiongmaitech ipg-53h10pe-s_firmware -
xiongmaitech ipg-53hv13pa-wp_firmware -
xiongmaitech ahb7008f2-g-v4_firmware 4.02.r11.7601
xiongmaitech ipg-53h13pl-ae_firmware -
xiongmaitech ipg-50hv20psa-s_firmware -
xiongmaitech ahb7008f4-g-v4_firmware 4.02.r11.7601
xiongmaitech ahb7032f4-lm-v3_firmware 4.02.r11.7601
xiongmaitech ipg-53h13pet-s_firmware -
xiongmaitech ipg-53h13p-b_firmware -
xiongmaitech ahb7008t4-h-v2 _firmware
xiongmaitech ipg-53h13pl-p_firmware -
xiongmaitech ipm-53h13pe-wr_firmware -
xiongmaitech ahb7804r-mh-v3_firmware 4.02.r11.7601
xiongmaitech ipg-50h10pl-p_firmware -
xiongmaitech ipg-53h20pl-p_firmware -
xiongmaitech ipm-53hv13pe-wr_firmware -
xiongmaitech ahb7004t-gs-v3_firmware 4.02.r11.7601
xiongmaitech ipg-53h13pes-s_firmware -
xiongmaitech ahb7808r-mh-v3_firmware 4.02.r11.7601
xiongmaitech ipg-53x13pe-s_firmware -
xiongmaitech ipm-50hv20pe-wr_firmware -
xiongmaitech ahb7008t-h-v2_firmware 4.02.r11.7601
xiongmaitech ipg-83h40pl-p_firmware -
xiongmaitech ahb7804r-lms-v3_firmware 4.02.r11.nat.onvifc.20171019
xiongmaitech ahb7016t-lm-v2_firmware 4.02.r11.7601
xiongmaitech ahb7008t-gs-v3_firmware 4.02.r11.7601
xiongmaitech ahb7004t-lme-v3_firmware 4.02.r11.7601
xiongmaitech ahb7008t-lm-v2_firmware 4.02.r11.7601
xiongmaitech ipg-50h10pl-ae_firmware -
xiongmaitech ivg-hp203y-ae_firmware -
xiongmaitech ipg-53h13pe-wk_firmware -
xiongmaitech ipg-50hv10pt-s_firmware -
xiongmaitech ipg-80he20ps-s_firmware -
xiongmaitech ipg-50hv20pes-s_firmware -
xiongmaitech ipm-53v13pl-wr_firmware -
xiongmaitech ahb7004t-mh-v2_firmware 4.02.r11.7601
xiongmaitech ipg-50h10pl-r_firmware -
xiongmaitech ahb7016f8-gl-v4_firmware 4.02.r11.7601
xiongmaitech ipg-50hv10pt-wp_firmware -
xiongmaitech ipg-83h20pl-b_firmware -
xiongmaitech ahb7008f4-h_firmware 4.02.r11.3070
xiongmaitech ipg-50hv20psb-a_firmware -
xiongmaitech ahb7016f2-gl-v4_firmware 4.02.r11.7601
xiongmaitech ahb7804r-ms-v3_firmware 4.02.r11.nat.onvifc.20170327
xiongmaitech ivg-hp203y-se_firmware -
xiongmaitech ipg-50h20pt-s_firmware -
xiongmaitech ipg-52h10pl-b_firmware -
xiongmaitech ipg-53h13p-ae_firmware -
xiongmaitech ahb7004t-h-v2_firmware 4.02.r11.7601
xiongmaitech ahb7804r-lm-v3_firmware 4.02.r11.nat.onvifc.20171120
xiongmaitech ahb7032f4-gs-v3_firmware 4.02.r11.7601
xiongmaitech ahb7016f8-gs-v3_firmware 4.02.r11.7601
xiongmaitech ahb7032f8-gs-v3_firmware 4.02.r11.7601
xiongmaitech ipg-83h20pa-a_firmware -
xiongmaitech ipg-50h10pl-s_firmware -
xiongmaitech ahb7004t-g-v4_firmware 4.02.r11.7601
xiongmaitech ipg-53h13pes-sl_firmware -
xiongmaitech ipm-50h10pe-wrm_firmware -
xiongmaitech ipg-80h20pt-s_firmware -
xiongmaitech ahb7004t-mh-v3_firmware 4.02.r11.7601
xiongmaitech ipm-50hv10pt-wr_firmware -
xiongmaitech ahb7008t-mh-v2_firmware 4.02.r11.7601
xiongmaitech ipm-50h10pe-o(r)_firmware -
xiongmaitech ahb7016t-mh-v2_firmware 4.02.r11.7601
xiongmaitech ipg-53hv13pt-s_firmware -
xiongmaitech ahb7032f2-lm-v3_firmware 4.02.r11.7601
xiongmaitech ipg-52h10pl-p_firmware -
xiongmaitech ipg-54h20pl-s_firmware -
xiongmaitech ahb7008t-lme-v3_firmware 4.02.r11.7601
xiongmaitech ahb7808r-lm-v3_firmware 4.02.r11.nat.onvifc.20171120
xiongmaitech ipm-50h10pe-wrc_firmware -
xiongmaitech ahb7008f8-g-v4_firmware 4.02.r11.7601
xiongmaitech ipg-50h10pe-s_firmware -
xiongmaitech ipg-50h10pl-b_firmware -
xiongmaitech ipg-53h13p-p_firmware -
xiongmaitech ipg-50hv10pv-a_firmware -
xiongmaitech ipg-53hv13pa-s_firmware -
xiongmaitech ipg-50hv10pt-a_firmware -
xiongmaitech ahb7008t-lm-v3_firmware 4.02.r11.3070
xiongmaitech ipg-50hv10pv-s_firmware -
xiongmaitech ahb7016t-lm-v3_firmware 4.02.r11.3070
xiongmaitech ahb7008t-mh-v3_firmware 4.02.r11.7601
xiongmaitech ahb7032f8-lm-v2_firmware 4.02.r11.7601
xiongmaitech ipg-83h20pl-p_firmware -
xiongmaitech ipg-80h20pt-a_firmware -
xiongmaitech ipg-53h13pl-s_firmware -
xiongmaitech ipg-53h13pl-b_firmware -
xiongmaitech ipg-50hv20pet-s_firmware -
xiongmaitech ahb7016f4-gl-v4_firmware 4.02.r11.7601
xiongmaitech ahb7008t-gl-v4_firmware 4.02.r11.7601
xiongmaitech ipg-53h20pl-ae_firmware -
xiongmaitech ahb7004t-lm-v3_firmware 4.02.r11.3070
xiongmaitech ipg-83h50p-p_firmware -
xiongmaitech ipg-53x13pt-s_firmware -
xiongmaitech ahb7016t-lme-v3_firmware 4.02.r11.7601
xiongmaitech ipm-50v10pl-wr_firmware -
xiongmaitech ipg-53h13p-s_firmware -
xiongmaitech ipg-53h13pl-r_firmware -
xiongmaitech ipg-54h13pe-s_firmware -
xiongmaitech ipg-50h10pe-wk_firmware -
xiongmaitech ipm-53h13pe-wrc_firmware -
xiongmaitech ipg-50hv20psb-s_firmware -
xiongmaitech ipg-50h10pe-wp_firmware -
xiongmaitech ipg-53h13pe-wk-4f_firmware -
xiongmaitech ipg-53x13pa-s_firmware -
CVE-2017-7577 MEDIUM

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
xiongmaitech uc-httpd -
CVE-2018-10088 HIGH

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xiongmaitech uc-httpd 1.0.0
CVE-2018-17915 MEDIUM

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-311,

Products Affected

Vendor Product Version
xiongmaitech xmeye_p2p_cloud_server -
CVE-2018-17917 MEDIUM

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-341,CWE-200,

Products Affected

Vendor Product Version
xiongmaitech xmeye_p2p_cloud_server *
CVE-2018-17919 MEDIUM

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-912,CWE-798,

Products Affected

Vendor Product Version
xiongmaitech xmeye_p2p_cloud_server *
CVE-2019-11878 LOW

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds.

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
xiongmaitech besder_ip20h1_firmware 4.02.r12.00035520.12012.047500.00200
CVE-2020-22253 HIGH

Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xiongmaitech ahb7808t-ms-v2_firmware 4.02.r11.nat.onvifc.20161205
xiongmaitech ahb7804r-mh-v2_firmware 4.02.r11.7601.nat.onvifc.20170424
xiongmaitech ahb7008t-mh-v2_firmware 4.02.r11.7601.nat.onvifc.20170420
xiongmaitech ahb7808r-ms_firmware 4.02.r11.nat.onvifc.20170328
xiongmaitech hi3518e_50h10l_s39_firmware 4.02.r12.nat.onvifs.20170727_all
xiongmaitech ahb7804r-els_firmware 4.02.r11.nat.onvifc.20160422
xiongmaitech ahb7804r-lms_firmware 4.02.r11.nat.onvifc.20170301
xiongmaitech ahb7808r-ms-v2_firmware 4.02.r11.nat.onvifc.20170327
CVE-2021-38827

Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.

Products Affected

Vendor Product Version
xiongmaitech xm-jpr2-lx_firmware *
CVE-2021-38828

Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing.

Products Affected

Vendor Product Version
xiongmaitech xm-jpr2-lx_firmware *
CVE-2021-41506 HIGH

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
xiongmaitech ahb7804r-lms_firmware 4.02.r11.nat.20170301
xiongmaitech ahb7808r-ms_firmware 4.02.r11.nat.onvif.20160328
xiongmaitech hi3518e_50h10l_s39_firmware 4.02.r12.nat.onvifs.20170727
xiongmaitech ahb7808t-ms-v2_firmware 4.02.r11.nat.onvifc.20161205
xiongmaitech ahb7808r-ms-v2_firmware 4.02.r11.nat.onvif.20170327
xiongmaitech ahb7804r-els_firmware 4.02.r11.nat.onvif.20160422
xiongmaitech ahb7804r-mh-v2_firmware 4.02.r11.7601.nat.onvif.20170424
xiongmaitech ahb7008t-mh-v2_firmware 4.02.r11.7601.nat.onvif.20170420
CVE-2022-26259 MEDIUM

A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
xiongmaitech nbd80x09ra-kl_firmware 4.03.r11.nat.dss.onvifc.20210727
xiongmaitech nbd80x08s-kl_firmware 4.03.r11.nat.dss.onvifc.20210727
xiongmaitech nbd80x09s-kl_firmware 4.03.r11.nat.dss.onvifc.20210727
xiongmaitech ahb80n32f4-lme_firmware 4.03.r11.7601.nat.onvifc.20211228
xiongmaitech ahb80n16t-gs_firmware 4.03.r11.7601.nat.onvifc.20211223
xiongmaitech ahb80x04r-mh_firmware 4.03.r11.nat.dss.onvifc.20210729
xiongmaitech nbd80x16s-kl_firmware 4.03.r11.nat.dss.onvifc.20210727
xiongmaitech ahb80x04r-mh-v2_firmware 4.03.r11.nat.dss.onvifc.20210729
xiongmaitech ahb80x04-r-mh-v3_firmware 4.03.r11.nat.dss.onvifc.20210729
xiongmaitech nbd90s0vt-qw_firmware 4.03.r11.713g.nat.onvifc.2021
CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

Products Affected

Vendor Product Version
xiongmaitech nbd7004t-p *
xiongmaitech nbd8008t-q *
xiongmaitech nbd8908r-yl *
xiongmaitech nbd8032h4-qe *
xiongmaitech nbd6808t-pl_firmware 4.02.r11.c7431119.12001.130000.00000
xiongmaitech nbd7016t-f-v2_firmware -
xiongmaitech nbd8032h8-p *
xiongmaitech nbd8904t-gsc-xpoe -
xiongmaitech nbd8032h8-p_firmware -
xiongmaitech nbd7024t-p_firmware -
xiongmaitech nbd8008r-pl_firmware -
xiongmaitech nbd8004r-pl(ep) *
xiongmaitech nbd7008t-p_firmware -
xiongmaitech nbd8009s-ula-v2 -
xiongmaitech nbd7004t-p_firmware -
xiongmaitech nbd7808t-pl_firmware -
xiongmaitech nbd7904t-p_firmware -
xiongmaitech nbd8032h4-ul_firmware -
xiongmaitech nbd7904t-plc-xpoe -
xiongmaitech nbd8016ra-ulk -
xiongmaitech nbd80s16s-kl(ep)_firmware -
xiongmaitech nbd7904t-pl *
xiongmaitech nbd7804t-pl_firmware -
xiongmaitech nbd8908r-pl_firmware -
xiongmaitech mbd6304t_firmware 4.02.r11.00000117.10001.131900.00000
xiongmaitech nbd7904t-q_firmware -
xiongmaitech nbd80n16ra-kl(ep)_firmware -
xiongmaitech nbd8016ra-ul(ep) -
xiongmaitech nbd8008ra-glk_firmware -
xiongmaitech nbd8904r-yl -
xiongmaitech nbd7904t-q *
xiongmaitech nbd7908t-q_firmware -
xiongmaitech nbd80x09ra-kl -
xiongmaitech nbd8064h8-p_firmware -
xiongmaitech nbd8908t-pl-xpoe -
xiongmaitech nbd8908r-pl *
xiongmaitech nbd8916f8-q_firmware -
xiongmaitech nbd7804t-pl *
xiongmaitech nbd8904t-q *
xiongmaitech nbd7008t-p *
xiongmaitech nbd7804r-fw *
xiongmaitech nbd8010s-kl-v2_firmware -
xiongmaitech nbd8908t-pl-xpoe_firmware -
xiongmaitech nbd8016ra-ul -
xiongmaitech nbd8908t-plc-xpoe_firmware -
xiongmaitech nbd8004r-pl(ep)_firmware -
xiongmaitech nbd7904t-plc-xpoe_firmware -
xiongmaitech nbd8032h4-q_firmware -
xiongmaitech nbd8904r-yl_firmware -
xiongmaitech nbd7904t-pl_firmware -
xiongmaitech nbd80n16ra-kl(ep) -
xiongmaitech nbd8008r-yl(ep)_firmware -
xiongmaitech nbd7804r-f(hdmi) *
xiongmaitech nbd8916f4-q_firmware -
xiongmaitech nbd8908t-plc-xpoe -
xiongmaitech nbd8016s-ula-v2_firmware -
xiongmaitech nbd80s10s-kl -
xiongmaitech nbd8008ra-ulk -
xiongmaitech nbd7804r-f(hdmi)_firmware -
xiongmaitech nbd8016t-q-v2_firmware -
xiongmaitech nbd8008ra-ulk_firmware -
xiongmaitech nbd8016ra-ulk_firmware -
xiongmaitech nbd80n16ra-kl_firmware -
xiongmaitech nbd7804r-f(ep)_firmware -
xiongmaitech nbd8008ra-gl -
xiongmaitech nbd7024h-p *
xiongmaitech nbd7808r-pl(hdmi) *
xiongmaitech nbd7808t-pl *
xiongmaitech nbd8004r-yl(ep) -
xiongmaitech nbd80s16s-kl -
xiongmaitech nbd80n16ra-kl -
xiongmaitech nbd8032h4-q *
xiongmaitech nbd8004t-q *
xiongmaitech nbd8032ra-ul-v2_firmware -
xiongmaitech nbd7904t-p *
xiongmaitech nbd8010s-kl-v2 -
xiongmaitech nbd8004r-yl(ep)_firmware -
xiongmaitech nbd8004t-q_firmware -
xiongmaitech nbd7804r-fw_firmware -
xiongmaitech nbd8016ra-ul_firmware -
xiongmaitech nbd8032h4-p_firmware -
xiongmaitech nbd8032h8-qe_firmware -
xiongmaitech nbd8025r-ul *
xiongmaitech nbd7024h-p_firmware -
xiongmaitech nbd7808r-pl(ep)_firmware -
xiongmaitech nbd8008ra-ula -
xiongmaitech nbd8904t-q_firmware -
xiongmaitech nbd80x09ra-kl_firmware -
xiongmaitech nbd8016r-ul *
xiongmaitech nbd8008ra-ula_firmware -
xiongmaitech nbd8916f4-q *
xiongmaitech nbd8016s-ula-v2 -
xiongmaitech nbd7904t-pl-xpoe -
xiongmaitech nbd80s08s-kl(ep)_firmware -
xiongmaitech nbd8008r-pl(ep)_firmware -
xiongmaitech nbd8008ra-ul(ep) -
xiongmaitech nbd8904t-gsc-xpoe_firmware -
xiongmaitech nbd80s08s-kl(ep) -
xiongmaitech nbd8009s-ula-v2_firmware -
xiongmaitech nbd8008r-pl(ep) *
xiongmaitech nbd8008ra-glk -
xiongmaitech nbd6808t-pl -
xiongmaitech nbd8016t-q-v2 *
xiongmaitech nbd8916f8-q *
xiongmaitech nbd80s16s-kl_firmware -
xiongmaitech nbd7024t-p *
xiongmaitech nbd8904r-pl *
xiongmaitech nbd80s10s-kl_firmware -
xiongmaitech nbd8016ra-k(ep)_firmware -
xiongmaitech nbd8032h8-qe *
xiongmaitech nbd8008r-yl(ep) -
xiongmaitech nbd8008ra-ul(ep)_firmware -
xiongmaitech nbd8016ra-ula -
xiongmaitech nbd7904r-fs_firmware -
xiongmaitech nbd7808r-pl(hdmi)_firmware -
xiongmaitech nbd8016s-kl-v2 -
xiongmaitech nbd8032h4-ul -
xiongmaitech nbd7804r-f(ep) *
xiongmaitech nbd80x09s-kl_firmware -
xiongmaitech nbd8008t-q_firmware -
xiongmaitech nbd8016ra-k(ep) -
xiongmaitech nbd7904r-fs *
xiongmaitech nbd8016s-kl-v2_firmware -
xiongmaitech nbd7908t-q *
xiongmaitech nbd8016ra-ul(ep)_firmware -
xiongmaitech nbd8904r-pl_firmware -
xiongmaitech nbd7016t-f-v2 *
xiongmaitech nbd7808r-pl(ep) *
xiongmaitech nbd8032h4-qe_firmware -
xiongmaitech nbd7904t-pl-xpoe_firmware -
xiongmaitech nbd8016r-ul_firmware -
xiongmaitech nbd88x09s-kl -
xiongmaitech nbd8025r-ul_firmware -
xiongmaitech nbd8008r-pl *
xiongmaitech nbd8008ra-gl_firmware -
xiongmaitech nbd80s16s-kl(ep) -
xiongmaitech nbd8064h8-p *
xiongmaitech nbd8016ra-ula_firmware -
xiongmaitech nbd8032ra-ul-v2 -
xiongmaitech nbd80x09s-kl -
xiongmaitech nbd8032h4-p *
xiongmaitech nbd88x09s-kl_firmware -
xiongmaitech nbd8908r-yl_firmware -
xiongmaitech mbd6304t -
CVE-2022-45460

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
xiongmaitech nbd6808t-pl_firmware 4.02.r11.c7431119.12001.130000.00000
xiongmaitech mbd6304t_firmware 4.02.r11.00000117.10001.131900.00000
CVE-2023-39068

Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
xiongmaitech nb080s09s-klc_firmware yk_hzxm_nbd80s09s-klc_v4.03.r11.7601.nat.onvifc.20230414
xiongmaitech nbd80n32ra-kl-v3_firmware yk_hzxm_nbd80n32ra-kl_v4.03.r11.7601.nat.onvifc.20220120
CVE-2025-65856

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
xiongmaitech xm530v200_x6-weq_8m_firmware 5.00.r02.000807d8.10010.346624.s.onvif_21.06
CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
xiongmaitech xm530v200_x6-weq_8m_firmware 5.00.r02.000807d8.10010.346624.s.onvif_21.06