8.8
CVE-2022-45045
- EPSS 0.24%
- Published 01.12.2022 05:15:12
- Last modified 24.04.2025 20:15:29
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
Data is provided by the National Vulnerability Database (NVD)
Xiongmaitech ≫ Mbd6304t Version-
Xiongmaitech ≫ Nbd6808t-pl Version-
Xiongmaitech ≫ Nbd7904t-pl-xpoe Version-
Xiongmaitech ≫ Nbd7904t-plc-xpoe Version-
Xiongmaitech ≫ Nbd8008ra-gl Version-
Xiongmaitech ≫ Nbd8008ra-glk Version-
Xiongmaitech ≫ Nbd8008ra-ula Version-
Xiongmaitech ≫ Nbd8008ra-ulk Version-
Xiongmaitech ≫ Nbd8009s-ula-v2 Version-
Xiongmaitech ≫ Nbd8010s-kl-v2 Version-
Xiongmaitech ≫ Nbd8016ra-ul Version-
Xiongmaitech ≫ Nbd8016ra-ula Version-
Xiongmaitech ≫ Nbd8016ra-ulk Version-
Xiongmaitech ≫ Nbd8016s-kl-v2 Version-
Xiongmaitech ≫ Nbd8016s-ula-v2 Version-
Xiongmaitech ≫ Nbd8032h4-ul Version-
Xiongmaitech ≫ Nbd8032ra-ul-v2 Version-
Xiongmaitech ≫ Nbd80n16ra-kl Version-
Xiongmaitech ≫ Nbd80s10s-kl Version-
Xiongmaitech ≫ Nbd80s16s-kl Version-
Xiongmaitech ≫ Nbd80x09ra-kl Version-
Xiongmaitech ≫ Nbd80x09s-kl Version-
Xiongmaitech ≫ Nbd88x09s-kl Version-
Xiongmaitech ≫ Nbd8904r-yl Version-
Xiongmaitech ≫ Nbd8904t-gsc-xpoe Version-
Xiongmaitech ≫ Nbd8908t-pl-xpoe Version-
Xiongmaitech ≫ Nbd8908t-plc-xpoe Version-
Xiongmaitech ≫ Mbd6304t Firmware Version4.02.r11.00000117.10001.131900.00000
Xiongmaitech ≫ Nbd6808t-pl Firmware Version4.02.r11.c7431119.12001.130000.00000
Xiongmaitech ≫ Nbd7004t-p Firmware Version-
Xiongmaitech ≫ Nbd7008t-p Firmware Version-
Xiongmaitech ≫ Nbd7016t-f-v2 Firmware Version-
Xiongmaitech ≫ Nbd7024h-p Firmware Version-
Xiongmaitech ≫ Nbd7024t-p Firmware Version-
Xiongmaitech ≫ Nbd7804r-fw Firmware Version-
Xiongmaitech ≫ Nbd7804t-pl Firmware Version-
Xiongmaitech ≫ Nbd7808t-pl Firmware Version-
Xiongmaitech ≫ Nbd7904r-fs Firmware Version-
Xiongmaitech ≫ Nbd7904t-p Firmware Version-
Xiongmaitech ≫ Nbd7904t-pl Firmware Version-
Xiongmaitech ≫ Nbd7904t-pl-xpoe Firmware Version-
Xiongmaitech ≫ Nbd7904t-plc-xpoe Firmware Version-
Xiongmaitech ≫ Nbd7904t-q Firmware Version-
Xiongmaitech ≫ Nbd7908t-q Firmware Version-
Xiongmaitech ≫ Nbd8004t-q Firmware Version-
Xiongmaitech ≫ Nbd8008r-pl Firmware Version-
Xiongmaitech ≫ Nbd8008ra-gl Firmware Version-
Xiongmaitech ≫ Nbd8008ra-glk Firmware Version-
Xiongmaitech ≫ Nbd8008ra-ula Firmware Version-
Xiongmaitech ≫ Nbd8008ra-ulk Firmware Version-
Xiongmaitech ≫ Nbd8008t-q Firmware Version-
Xiongmaitech ≫ Nbd8009s-ula-v2 Firmware Version-
Xiongmaitech ≫ Nbd8010s-kl-v2 Firmware Version-
Xiongmaitech ≫ Nbd8016r-ul Firmware Version-
Xiongmaitech ≫ Nbd8016ra-ul Firmware Version-
Xiongmaitech ≫ Nbd8016ra-ula Firmware Version-
Xiongmaitech ≫ Nbd8016ra-ulk Firmware Version-
Xiongmaitech ≫ Nbd8016s-kl-v2 Firmware Version-
Xiongmaitech ≫ Nbd8016s-ula-v2 Firmware Version-
Xiongmaitech ≫ Nbd8016t-q-v2 Firmware Version-
Xiongmaitech ≫ Nbd8025r-ul Firmware Version-
Xiongmaitech ≫ Nbd8032h4-p Firmware Version-
Xiongmaitech ≫ Nbd8032h4-q Firmware Version-
Xiongmaitech ≫ Nbd8032h4-qe Firmware Version-
Xiongmaitech ≫ Nbd8032h4-ul Firmware Version-
Xiongmaitech ≫ Nbd8032h8-p Firmware Version-
Xiongmaitech ≫ Nbd8032h8-qe Firmware Version-
Xiongmaitech ≫ Nbd8032ra-ul-v2 Firmware Version-
Xiongmaitech ≫ Nbd8064h8-p Firmware Version-
Xiongmaitech ≫ Nbd80n16ra-kl Firmware Version-
Xiongmaitech ≫ Nbd80s10s-kl Firmware Version-
Xiongmaitech ≫ Nbd80s16s-kl Firmware Version-
Xiongmaitech ≫ Nbd80x09ra-kl Firmware Version-
Xiongmaitech ≫ Nbd80x09s-kl Firmware Version-
Xiongmaitech ≫ Nbd88x09s-kl Firmware Version-
Xiongmaitech ≫ Nbd8904r-pl Firmware Version-
Xiongmaitech ≫ Nbd8904r-yl Firmware Version-
Xiongmaitech ≫ Nbd8904t-gsc-xpoe Firmware Version-
Xiongmaitech ≫ Nbd8904t-q Firmware Version-
Xiongmaitech ≫ Nbd8908r-pl Firmware Version-
Xiongmaitech ≫ Nbd8908r-yl Firmware Version-
Xiongmaitech ≫ Nbd8908t-pl-xpoe Firmware Version-
Xiongmaitech ≫ Nbd8908t-plc-xpoe Firmware Version-
Xiongmaitech ≫ Nbd8916f4-q Firmware Version-
Xiongmaitech ≫ Nbd8916f8-q Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.464 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.