Vulnerabilities > Xiongmaitech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-14 | CVE-2021-38828 | Cleartext Transmission of Sensitive Information vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000 Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. | 5.3 |
| 2022-03-28 | CVE-2022-26259 | Classic Buffer Overflow vulnerability in Xiongmaitech products A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. | 4.6 |
| 2018-10-10 | CVE-2018-17919 | Use of Hard-coded Credentials vulnerability in Xiongmaitech Xmeye P2P Cloud Server All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | 6.4 |
| 2018-10-10 | CVE-2018-17917 | Information Exposure vulnerability in Xiongmaitech Xmeye P2P Cloud Server All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. | 5.0 |
| 2018-10-10 | CVE-2018-17915 | Missing Encryption of Sensitive Data vulnerability in Xiongmaitech Xmeye P2P Cloud Server All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. | 6.4 |
| 2017-04-07 | CVE-2017-7577 | Path Traversal vulnerability in Xiongmaitech Uc-Httpd XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | 5.0 |