Vulnerabilities > Xiongmaitech > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-28 CVE-2022-45460 Out-of-bounds Write vulnerability in Xiongmaitech Mbd6304T Firmware and Nbd6808T-Pl Firmware
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot.
network
low complexity
xiongmaitech CWE-787
critical
9.8
2022-06-30 CVE-2021-41506 Improper Authentication vulnerability in Xiongmaitech products
Xiongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 are affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
network
low complexity
xiongmaitech CWE-287
critical
9.8
2022-04-06 CVE-2020-22253 Unspecified vulnerability in Xiongmaitech products
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open, which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
network
low complexity
xiongmaitech
critical
9.8
2018-10-10 CVE-2018-17915 Missing Encryption of Sensitive Data vulnerability in Xiongmaitech Xmeye P2P Cloud Server
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication.
network
low complexity
xiongmaitech CWE-311
critical
9.8
2018-06-08 CVE-2018-10088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xiongmaitech Uc-Httpd 1.0.0
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
network
low complexity
xiongmaitech CWE-119
critical
9.8
2017-12-20 CVE-2017-16725 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xiongmaitech products
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface.
network
low complexity
xiongmaitech CWE-119
critical
9.8
2017-04-07 CVE-2017-7577 Path Traversal vulnerability in Xiongmaitech Uc-Httpd
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.
network
low complexity
xiongmaitech CWE-22
critical
9.8