Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2022-45460

CVE information

Published

1 year ago

Last Modified

11 months ago

CVSSv3.1 Severity

Critical

Description

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725..

CVSSv3.1 Score

Severity
Critical
Base Score
9.8/10
Exploit Score
3.9/10
Access Vector
Network
Access Complexity
Low
Privileges Required
None
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:xiongmaitech:nbd6808t-pl_firmware:4.02.r11.c743111
  Yes
-
cpe:2.3:h:xiongmaitech:nbd6808t-pl:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:xiongmaitech:mbd6304t_firmware:4.02.r11.00000117.1
  Yes
-
cpe:2.3:h:xiongmaitech:mbd6304t:-:*:*:*:*:*:*:*
  No
-