Lucene search

K
cve[email protected]CVE-2022-26259
HistoryMar 28, 2022 - 1:15 a.m.

CVE-2022-26259

2022-03-2801:15:07
CWE-120
web.nvd.nist.gov
67
2
cve-2022-26259
buffer overflow
xiongmai dvr
dos
nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.

Affected configurations

NVD
Node
xiongmaitechnbd80x16s-kl_firmwareMatch4.03.r11.nat.dss.onvifc.20210727
AND
xiongmaitechnbd80x16s-klMatch-
Node
xiongmaitechnbd80x09s-kl_firmwareMatch4.03.r11.nat.dss.onvifc.20210727
AND
xiongmaitechnbd80x09s-klMatch-
Node
xiongmaitechnbd80x08s-kl_firmwareMatch4.03.r11.nat.dss.onvifc.20210727
AND
xiongmaitechnbd80x08s-klMatch-
Node
xiongmaitechnbd80x09ra-kl_firmwareMatch4.03.r11.nat.dss.onvifc.20210727
AND
xiongmaitechnbd80x09ra-klMatch-
Node
xiongmaitechahb80x04r-mh_firmwareMatch4.03.r11.nat.dss.onvifc.20210729
AND
xiongmaitechahb80x04r-mhMatch-
Node
xiongmaitechahb80x04r-mh-v2_firmwareMatch4.03.r11.nat.dss.onvifc.20210729
AND
xiongmaitechahb80x04r-mh-v2Match-
Node
xiongmaitechahb80x04-r-mh-v3_firmwareMatch4.03.r11.nat.dss.onvifc.20210729
AND
xiongmaitechahb80x04-r-mh-v3Match-
Node
xiongmaitechahb80n16t-gs_firmwareMatch4.03.r11.7601.nat.onvifc.20211223
AND
xiongmaitechahb80n16t-gsMatch-
Node
xiongmaitechahb80n32f4-lme_firmwareMatch4.03.r11.7601.nat.onvifc.20211228
AND
xiongmaitechahb80n32f4-lmeMatch-
Node
xiongmaitechnbd90s0vt-qw_firmwareMatch4.03.r11.713g.nat.onvifc.2021
AND
xiongmaitechnbd90s0vt-qwMatch-

Social References

More

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

Related for CVE-2022-26259