CVE-2022-45045

high-risk
Published 2022-12-01

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

Do I need to act?

1.1% chance of exploitation in next 30 days
EPSS score: moderate exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Mbd6304T
Nbd6808T-Pl
Nbd7004T-P
Nbd7008T-P
Nbd7016T-F-V2
Nbd7024H-P
Nbd7024T-P
Nbd7804R-F(Ep)
Nbd7804R-F(Hdmi)
Nbd7804R-Fw
Nbd7804T-Pl
Nbd7808R-Pl(Ep)
Nbd7808R-Pl(Hdmi)
Nbd7808T-Pl
Nbd7904R-Fs
Nbd7904T-P
Nbd7904T-Pl
Nbd7904T-Pl-Xpoe
Nbd7904T-Plc-Xpoe
Nbd7904T-Q

Affected Vendors

65 / 100 high-risk
Severity 30/34 · Critical
Exploitability 3/34 · Minimal
Exposure 32/34 · Critical