Vulnerabilities > CVE-2022-45460 - Out-of-bounds Write vulnerability in Xiongmaitech Mbd6304T Firmware and Nbd6808T-Pl Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

xiongmaitech

CWE-787

critical

NVD

Published: 2023-03-28

Updated: 2023-04-07

Summary

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.

Vulnerable Configurations

Part	Description	Count
OS	Xiongmaitech Xiongmaitech Nbd6808T PL Firmware 4.02.R11.C7431119.12001.130000.00000 Xiongmaitech Mbd6304T Firmware 4.02.R11.00000117.10001.131900.00000	2
Hardware	Xiongmaitech Xiongmaitech Nbd6808T PL - Xiongmaitech Mbd6304T -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References