Vulnerabilities > Xiongmaitech

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-39068 Classic Buffer Overflow vulnerability in Xiongmaitech Nb080S09S-Klc Firmware and Nbd80N32Ra-Kl-V3 Firmware
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component.
network
low complexity
xiongmaitech CWE-120
7.5
2022-12-01 CVE-2022-45045 OS Command Injection vulnerability in Xiongmaitech products
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019.
network
low complexity
xiongmaitech CWE-78
8.8
2022-11-14 CVE-2021-38827 Authentication Bypass by Capture-replay vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.
high complexity
xiongmaitech CWE-294
7.5
2022-11-14 CVE-2021-38828 Cleartext Transmission of Sensitive Information vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing.
high complexity
xiongmaitech CWE-319
5.3
2022-06-30 CVE-2021-41506 Improper Authentication vulnerability in Xiongmaitech products
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
network
low complexity
xiongmaitech CWE-287
critical
9.8
2022-04-06 CVE-2020-22253 Unspecified vulnerability in Xiongmaitech products
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
network
low complexity
xiongmaitech
7.5
2022-03-28 CVE-2022-26259 Classic Buffer Overflow vulnerability in Xiongmaitech products
A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.
local
low complexity
xiongmaitech CWE-120
4.6
2019-05-10 CVE-2019-11878 Integer Overflow or Wraparound vulnerability in Xiongmaitech Besder Ip20H1 Firmware 4.02.R12.00035520.12012.047500.00200
An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras.
low complexity
xiongmaitech CWE-190
3.3
2018-10-10 CVE-2018-17919 Use of Hard-coded Credentials vulnerability in Xiongmaitech Xmeye P2P Cloud Server
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.
network
low complexity
xiongmaitech CWE-798
6.4
2018-10-10 CVE-2018-17917 Information Exposure vulnerability in Xiongmaitech Xmeye P2P Cloud Server
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs.
network
low complexity
xiongmaitech CWE-200
5.0