Vulnerabilities > Xiongmaitech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-11 | CVE-2023-39068 | Classic Buffer Overflow vulnerability in Xiongmaitech Nb080S09S-Klc Firmware and Nbd80N32Ra-Kl-V3 Firmware Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component. | 7.5 |
| 2023-03-28 | CVE-2022-45460 | Out-of-bounds Write vulnerability in Xiongmaitech Mbd6304T Firmware and Nbd6808T-Pl Firmware Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. | 9.8 |
| 2022-12-01 | CVE-2022-45045 | OS Command Injection vulnerability in Xiongmaitech products Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. | 8.8 |
| 2022-11-14 | CVE-2021-38827 | Authentication Bypass by Capture-replay vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000 Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. | 7.5 |
| 2022-11-14 | CVE-2021-38828 | Cleartext Transmission of Sensitive Information vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000 Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. | 5.3 |
| 2022-06-30 | CVE-2021-41506 | Improper Authentication vulnerability in Xiongmaitech products Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. | 9.8 |
| 2022-04-06 | CVE-2020-22253 | Unspecified vulnerability in Xiongmaitech products Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device. | 9.8 |
| 2022-03-28 | CVE-2022-26259 | Classic Buffer Overflow vulnerability in Xiongmaitech products A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. | 7.8 |
| 2019-05-10 | CVE-2019-11878 | Integer Overflow or Wraparound vulnerability in Xiongmaitech Besder Ip20H1 Firmware 4.02.R12.00035520.12012.047500.00200 An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. | 6.5 |
| 2018-10-10 | CVE-2018-17919 | Use of Hard-coded Credentials vulnerability in Xiongmaitech Xmeye P2P Cloud Server All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | 6.5 |