Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Xiongmaitech Subscribe
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45045 1 Xiongmaitech 144 Mbd6304t, Mbd6304t Firmware, Nbd6808t-pl and 141 more 2022-12-06 N/A 8.8 HIGH
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
CVE-2021-38828 1 Xiongmaitech 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware 2022-11-16 N/A 5.3 MEDIUM
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing.
CVE-2021-38827 1 Xiongmaitech 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware 2022-11-16 N/A 7.5 HIGH
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.
CVE-2021-41506 1 Xiongmaitech 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more 2022-07-13 10.0 HIGH 9.8 CRITICAL
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
CVE-2020-22253 1 Xiongmaitech 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more 2022-04-15 7.5 HIGH 9.8 CRITICAL
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
CVE-2022-26259 1 Xiongmaitech 20 Ahb80n16t-gs, Ahb80n16t-gs Firmware, Ahb80n32f4-lme and 17 more 2022-04-04 4.6 MEDIUM 7.8 HIGH
A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.
CVE-2018-17919 1 Xiongmaitech 1 Xmeye P2p Cloud Server 2019-10-09 6.4 MEDIUM 6.5 MEDIUM
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.
CVE-2018-17917 1 Xiongmaitech 1 Xmeye P2p Cloud Server 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.
CVE-2018-17915 1 Xiongmaitech 1 Xmeye P2p Cloud Server 2019-10-09 6.4 MEDIUM 9.8 CRITICAL
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
CVE-2019-11878 1 Xiongmaitech 2 Besder Ip20h1, Besder Ip20h1 Firmware 2019-05-13 3.3 LOW 6.5 MEDIUM
An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds.
CVE-2017-7577 1 Xiongmaitech 1 Uc-httpd 2018-09-10 5.0 MEDIUM 9.8 CRITICAL
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.
CVE-2018-10088 1 Xiongmaitech 1 Uc-httpd 2018-07-31 10.0 HIGH 9.8 CRITICAL
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
CVE-2017-16725 1 Xiongmaitech 269 Ahb7004t-g-v4, Ahb7004t-g-v4 Firmware, Ahb7004t-gl-v4 and 266 more 2018-01-12 10.0 HIGH 9.8 CRITICAL
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.