CVE-2022-26259

moderate-risk
Published 2022-03-28

A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (10)

Nbd80X16S-Kl Firmware
Nbd80X09S-Kl Firmware
Nbd80X08S-Kl Firmware
Nbd80X09Ra-Kl Firmware
Ahb80X04R-Mh Firmware
Ahb80X04R-Mh-V2 Firmware
Ahb80X04-R-Mh-V3 Firmware
Ahb80N16T-Gs Firmware
Ahb80N32F4-Lme Firmware
Nbd90S0Vt-Qw Firmware

Affected Vendors

Xiongmaitech

References (4)

Exploit https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/
Vendor Advisory https://www.xiongmaitech.com/en/index.php/service/notice_info/51/2
Exploit https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/
Vendor Advisory https://www.xiongmaitech.com/en/index.php/service/notice_info/51/2
43
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 3/34 · Minimal
Exposure 16/34 · Moderate