Lucene search

[email protected]CVE-2022-45045

HistoryDec 01, 2022 - 5:15 a.m.

CVE-2022-45045

2022-12-0105:15:12

CWE-78

[email protected]

web.nvd.nist.gov

In Wild

cve-2022-45045

xiongmai

nvr

authenticated users

arbitrary commands

remote attack

default credentials

crafted json file

upgrade request

telnetd

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

Affected configurations

NVD

Node

xiongmaitechmbd6304tMatch-

xiongmaitechnbd6808t-plMatch-

xiongmaitechnbd7004t-p

xiongmaitechnbd7008t-p

xiongmaitechnbd7016t-f-v2

xiongmaitechnbd7024h-p

xiongmaitechnbd7024t-p

xiongmaitechnbd7804r-f\(ep\)

xiongmaitechnbd7804r-f\(hdmi\)

xiongmaitechnbd7804r-fw

xiongmaitechnbd7804t-pl

xiongmaitechnbd7808r-pl\(ep\)

xiongmaitechnbd7808r-pl\(hdmi\)

xiongmaitechnbd7808t-pl

xiongmaitechnbd7904r-fs

xiongmaitechnbd7904t-p

xiongmaitechnbd7904t-pl

xiongmaitechnbd7904t-pl-xpoeMatch-

xiongmaitechnbd7904t-plc-xpoeMatch-

xiongmaitechnbd7904t-q

xiongmaitechnbd7908t-q

xiongmaitechnbd8004r-pl\(ep\)

xiongmaitechnbd8004r-yl\(ep\)Match-

xiongmaitechnbd8004t-q

xiongmaitechnbd8008r-pl

xiongmaitechnbd8008r-pl\(ep\)

xiongmaitechnbd8008r-yl\(ep\)Match-

xiongmaitechnbd8008ra-glMatch-

xiongmaitechnbd8008ra-glkMatch-

xiongmaitechnbd8008ra-ul\(ep\)Match-

xiongmaitechnbd8008ra-ulaMatch-

xiongmaitechnbd8008ra-ulkMatch-

xiongmaitechnbd8008t-q

xiongmaitechnbd8009s-ula-v2Match-

xiongmaitechnbd8010s-kl-v2Match-

xiongmaitechnbd8016r-ul

xiongmaitechnbd8016ra-k\(ep\)Match-

xiongmaitechnbd8016ra-ulMatch-

xiongmaitechnbd8016ra-ul\(ep\)Match-

xiongmaitechnbd8016ra-ulaMatch-

xiongmaitechnbd8016ra-ulkMatch-

xiongmaitechnbd8016s-kl-v2Match-

xiongmaitechnbd8016s-ula-v2Match-

xiongmaitechnbd8016t-q-v2

xiongmaitechnbd8025r-ul

xiongmaitechnbd8032h4-p

xiongmaitechnbd8032h4-q

xiongmaitechnbd8032h4-qe

xiongmaitechnbd8032h4-ulMatch-

xiongmaitechnbd8032h8-p

xiongmaitechnbd8032h8-qe

xiongmaitechnbd8032ra-ul-v2Match-

xiongmaitechnbd8064h8-p

xiongmaitechnbd80n16ra-klMatch-

xiongmaitechnbd80n16ra-kl\(ep\)Match-

xiongmaitechnbd80s08s-kl\(ep\)Match-

xiongmaitechnbd80s10s-klMatch-

xiongmaitechnbd80s16s-klMatch-

xiongmaitechnbd80s16s-kl\(ep\)Match-

xiongmaitechnbd80x09ra-klMatch-

xiongmaitechnbd80x09s-klMatch-

xiongmaitechnbd88x09s-klMatch-

xiongmaitechnbd8904r-pl

xiongmaitechnbd8904r-ylMatch-

xiongmaitechnbd8904t-gsc-xpoeMatch-

xiongmaitechnbd8904t-q

xiongmaitechnbd8908r-pl

xiongmaitechnbd8908r-yl

xiongmaitechnbd8908t-pl-xpoeMatch-

xiongmaitechnbd8908t-plc-xpoeMatch-

xiongmaitechnbd8916f4-q

xiongmaitechnbd8916f8-q

Node

xiongmaitechmbd6304tMatch-

AND

xiongmaitechmbd6304t_firmwareMatch4.02.r11.00000117.10001.131900.00000

Node

xiongmaitechnbd6808t-pl_firmwareMatch4.02.r11.c7431119.12001.130000.00000

AND

xiongmaitechnbd6808t-plMatch-

Node

xiongmaitechnbd7004t-p_firmwareMatch-

AND

xiongmaitechnbd7004t-pMatch-

Node

xiongmaitechnbd7008t-p_firmwareMatch-

AND

xiongmaitechnbd7008t-pMatch-

Node

xiongmaitechnbd7016t-f-v2_firmwareMatch-

AND

xiongmaitechnbd7016t-f-v2Match-

Node

xiongmaitechnbd7024h-p_firmwareMatch-

AND

xiongmaitechnbd7024h-pMatch-

Node

xiongmaitechnbd7024t-p_firmwareMatch-

AND

xiongmaitechnbd7024t-pMatch-

Node

xiongmaitechnbd7804r-f\(ep\)_firmwareMatch-

AND

xiongmaitechnbd7804r-f\(ep\)Match-

Node

xiongmaitechnbd7804r-f\(hdmi\)_firmwareMatch-

AND

xiongmaitechnbd7804r-f\(hdmi\)Match-

Node

xiongmaitechnbd7804r-fw_firmwareMatch-

AND

xiongmaitechnbd7804r-fwMatch-

Node

xiongmaitechnbd7804t-pl_firmwareMatch-

AND

xiongmaitechnbd7804t-plMatch-

Node

xiongmaitechnbd7808r-pl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd7808r-pl\(ep\)Match-

Node

xiongmaitechnbd7808r-pl\(hdmi\)_firmwareMatch-

AND

xiongmaitechnbd7808r-pl\(hdmi\)Match-

Node

xiongmaitechnbd7808t-pl_firmwareMatch-

AND

xiongmaitechnbd7808t-plMatch-

Node

xiongmaitechnbd7904r-fs_firmwareMatch-

AND

xiongmaitechnbd7904r-fsMatch-

Node

xiongmaitechnbd7904t-p_firmwareMatch-

AND

xiongmaitechnbd7904t-pMatch-

Node

xiongmaitechnbd7904t-pl_firmwareMatch-

AND

xiongmaitechnbd7904t-plMatch-

Node

xiongmaitechnbd7904t-pl-xpoe_firmwareMatch-

AND

xiongmaitechnbd7904t-pl-xpoeMatch-

Node

xiongmaitechnbd7904t-plc-xpoe_firmwareMatch-

AND

xiongmaitechnbd7904t-plc-xpoeMatch-

Node

xiongmaitechnbd7904t-q_firmwareMatch-

AND

xiongmaitechnbd7904t-qMatch-

Node

xiongmaitechnbd7908t-q_firmwareMatch-

AND

xiongmaitechnbd7908t-qMatch-

Node

xiongmaitechnbd8004r-pl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd8004r-pl\(ep\)Match-

Node

xiongmaitechnbd8004r-yl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd8004r-yl\(ep\)Match-

Node

xiongmaitechnbd8004t-q_firmwareMatch-

AND

xiongmaitechnbd8004t-qMatch-

Node

xiongmaitechnbd8008r-pl_firmwareMatch-

AND

xiongmaitechnbd8008r-plMatch-

Node

xiongmaitechnbd8008r-pl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd8008r-pl\(ep\)Match-

Node

xiongmaitechnbd8008r-yl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd8008r-yl\(ep\)Match-

Node

xiongmaitechnbd8008ra-gl_firmwareMatch-

AND

xiongmaitechnbd8008ra-glMatch-

Node

xiongmaitechnbd8008ra-glk_firmwareMatch-

AND

xiongmaitechnbd8008ra-glkMatch-

Node

xiongmaitechnbd8008ra-ul\(ep\)_firmwareMatch-

AND

xiongmaitechnbd8008ra-ul\(ep\)Match-

Node

xiongmaitechnbd8008ra-ula_firmwareMatch-

AND

xiongmaitechnbd8008ra-ulaMatch-

Node

xiongmaitechnbd8008ra-ulk_firmwareMatch-

AND

xiongmaitechnbd8008ra-ulkMatch-

Node

xiongmaitechnbd8008t-q_firmwareMatch-

AND

xiongmaitechnbd8008t-qMatch-

Node

xiongmaitechnbd8009s-ula-v2_firmwareMatch-

AND

xiongmaitechnbd8009s-ula-v2Match-

Node

xiongmaitechnbd8010s-kl-v2_firmwareMatch-

AND

xiongmaitechnbd8010s-kl-v2Match-

Node

xiongmaitechnbd8016r-ul_firmwareMatch-

AND

xiongmaitechnbd8016r-ulMatch-

Node

xiongmaitechnbd8016ra-k\(ep\)_firmwareMatch-

AND

xiongmaitechnbd8016ra-k\(ep\)Match-

Node

xiongmaitechnbd8016ra-ul_firmwareMatch-

AND

xiongmaitechnbd8016ra-ulMatch-

Node

xiongmaitechnbd8016ra-ul\(ep\)_firmwareMatch-

AND

xiongmaitechnbd8016ra-ul\(ep\)Match-

Node

xiongmaitechnbd8016ra-ula_firmwareMatch-

AND

xiongmaitechnbd8016ra-ulaMatch-

Node

xiongmaitechnbd8016ra-ulk_firmwareMatch-

AND

xiongmaitechnbd8016ra-ulkMatch-

Node

xiongmaitechnbd8016s-kl-v2_firmwareMatch-

AND

xiongmaitechnbd8016s-kl-v2Match-

Node

xiongmaitechnbd8016s-ula-v2_firmwareMatch-

AND

xiongmaitechnbd8016s-ula-v2Match-

Node

xiongmaitechnbd8016t-q-v2_firmwareMatch-

AND

xiongmaitechnbd8016t-q-v2Match-

Node

xiongmaitechnbd8025r-ul_firmwareMatch-

AND

xiongmaitechnbd8025r-ulMatch-

Node

xiongmaitechnbd8032h4-p_firmwareMatch-

AND

xiongmaitechnbd8032h4-pMatch-

Node

xiongmaitechnbd8032h4-q_firmwareMatch-

AND

xiongmaitechnbd8032h4-qMatch-

Node

xiongmaitechnbd8032h4-qe_firmwareMatch-

AND

xiongmaitechnbd8032h4-qeMatch-

Node

xiongmaitechnbd8032h4-ul_firmwareMatch-

AND

xiongmaitechnbd8032h4-ulMatch-

Node

xiongmaitechnbd8032h8-p_firmwareMatch-

AND

xiongmaitechnbd8032h8-pMatch-

Node

xiongmaitechnbd8032h8-qe_firmwareMatch-

AND

xiongmaitechnbd8032h8-qeMatch-

Node

xiongmaitechnbd8032ra-ul-v2_firmwareMatch-

AND

xiongmaitechnbd8032ra-ul-v2Match-

Node

xiongmaitechnbd8064h8-p_firmwareMatch-

AND

xiongmaitechnbd8064h8-pMatch-

Node

xiongmaitechnbd80n16ra-kl_firmwareMatch-

AND

xiongmaitechnbd80n16ra-klMatch-

Node

xiongmaitechnbd80n16ra-kl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd80n16ra-kl\(ep\)Match-

Node

xiongmaitechnbd80s08s-kl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd80s08s-kl\(ep\)Match-

Node

xiongmaitechnbd80s10s-kl_firmwareMatch-

AND

xiongmaitechnbd80s10s-klMatch-

Node

xiongmaitechnbd80s16s-kl_firmwareMatch-

AND

xiongmaitechnbd80s16s-klMatch-

Node

xiongmaitechnbd80s16s-kl\(ep\)_firmwareMatch-

AND

xiongmaitechnbd80s16s-kl\(ep\)Match-

Node

xiongmaitechnbd80x09ra-kl_firmwareMatch-

AND

xiongmaitechnbd80x09ra-klMatch-

Node

xiongmaitechnbd80x09s-kl_firmwareMatch-

AND

xiongmaitechnbd80x09s-klMatch-

Node

xiongmaitechnbd88x09s-kl_firmwareMatch-

AND

xiongmaitechnbd88x09s-klMatch-

Node

xiongmaitechnbd8904r-pl_firmwareMatch-

AND

xiongmaitechnbd8904r-plMatch-

Node

xiongmaitechnbd8904r-yl_firmwareMatch-

AND

xiongmaitechnbd8904r-ylMatch-

Node

xiongmaitechnbd8904t-gsc-xpoe_firmwareMatch-

AND

xiongmaitechnbd8904t-gsc-xpoeMatch-

Node

xiongmaitechnbd8904t-q_firmwareMatch-

AND

xiongmaitechnbd8904t-qMatch-

Node

xiongmaitechnbd8908r-pl_firmwareMatch-

AND

xiongmaitechnbd8908r-plMatch-

Node

xiongmaitechnbd8908r-yl_firmwareMatch-

AND

xiongmaitechnbd8908r-ylMatch-

Node

xiongmaitechnbd8908t-pl-xpoe_firmwareMatch-

AND

xiongmaitechnbd8908t-pl-xpoeMatch-

Node

xiongmaitechnbd8908t-plc-xpoe_firmwareMatch-

AND

xiongmaitechnbd8908t-plc-xpoeMatch-

Node

xiongmaitechnbd8916f4-q_firmwareMatch-

AND

xiongmaitechnbd8916f4-qMatch-

Node

xiongmaitechnbd8916f8-q_firmwareMatch-

AND

xiongmaitechnbd8916f8-qMatch-

CPENameOperatorVersion
xiongmaitech:mbd6304txiongmaitech mbd6304teq-
xiongmaitech:nbd6808t-plxiongmaitech nbd6808t-pleq-
xiongmaitech:nbd7004t-pxiongmaitech nbd7004t-peq*
xiongmaitech:nbd7008t-pxiongmaitech nbd7008t-peq*
xiongmaitech:nbd7016t-f-v2xiongmaitech nbd7016t-f-v2eq*
xiongmaitech:nbd7024h-pxiongmaitech nbd7024h-peq*
xiongmaitech:nbd7024t-pxiongmaitech nbd7024t-peq*
xiongmaitech:nbd7804r-f\(ep\)xiongmaitech nbd7804r-f(ep)eq*
xiongmaitech:nbd7804r-f\(hdmi\)xiongmaitech nbd7804r-f(hdmi)eq*
xiongmaitech:nbd7804r-fwxiongmaitech nbd7804r-fweq*

CPE	Name	Operator	Version
xiongmaitech:mbd6304t	xiongmaitech mbd6304t	eq	-
xiongmaitech:nbd6808t-pl	xiongmaitech nbd6808t-pl	eq	-
xiongmaitech:nbd7004t-p	xiongmaitech nbd7004t-p	eq	*
xiongmaitech:nbd7008t-p	xiongmaitech nbd7008t-p	eq	*
xiongmaitech:nbd7016t-f-v2	xiongmaitech nbd7016t-f-v2	eq	*
xiongmaitech:nbd7024h-p	xiongmaitech nbd7024h-p	eq	*
xiongmaitech:nbd7024t-p	xiongmaitech nbd7024t-p	eq	*
xiongmaitech:nbd7804r-f\(ep\)	xiongmaitech nbd7804r-f(ep)	eq	*
xiongmaitech:nbd7804r-f\(hdmi\)	xiongmaitech nbd7804r-f(hdmi)	eq	*
xiongmaitech:nbd7804r-fw	xiongmaitech nbd7804r-fw	eq	*

Rows per page:

1-10 of 721

References

vulncheck.com/blog/xiongmai-iot-exploitation

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for CVE-2022-45045

prion1 cvelist1 nvd1 attackerkb1