Filtered by vendor Xiongmaitech
Subscribe
Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39068 | 1 Xiongmaitech | 4 Nb080s09s-klc, Nb080s09s-klc Firmware, Nbd80n32ra-kl-v3 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component. | |||||
CVE-2022-26259 | 1 Xiongmaitech | 20 Ahb80n16t-gs, Ahb80n16t-gs Firmware, Ahb80n32f4-lme and 17 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. | |||||
CVE-2021-41506 | 1 Xiongmaitech | 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. | |||||
CVE-2021-38828 | 1 Xiongmaitech | 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. | |||||
CVE-2021-38827 | 1 Xiongmaitech | 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware | 2024-11-21 | N/A | 7.5 HIGH |
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. | |||||
CVE-2020-22253 | 1 Xiongmaitech | 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device. | |||||
CVE-2019-11878 | 1 Xiongmaitech | 2 Besder Ip20h1, Besder Ip20h1 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds. | |||||
CVE-2018-17919 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | |||||
CVE-2018-17917 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps. | |||||
CVE-2018-17915 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-11-21 | 6.4 MEDIUM | 9.8 CRITICAL |
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code. | |||||
CVE-2018-10088 | 1 Xiongmaitech | 1 Uc-httpd | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. | |||||
CVE-2017-7577 | 1 Xiongmaitech | 1 Uc-httpd | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | |||||
CVE-2017-16725 | 1 Xiongmaitech | 269 Ahb7004t-g-v4, Ahb7004t-g-v4 Firmware, Ahb7004t-gl-v4 and 266 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible. |