Vulnerability Details : CVE-2022-45045
Potential exploit
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
Products affected by CVE-2022-45045
- cpe:2.3:o:xiongmaitech:nbd80x09s-kl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80x09s-kl:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd80x09ra-kl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80x09ra-kl:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:mbd6304t_firmware:4.02.r11.00000117.10001.131900.00000:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd6808t-pl_firmware:4.02.r11.c7431119.12001.130000.00000:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7004t-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7004t-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7008t-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7008t-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7016t-f-v2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7016t-f-v2:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7024h-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7024h-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7024t-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7024t-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7804r-f\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7804r-f\(ep\):*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7804r-f\(hdmi\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7804r-f\(hdmi\):*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7804r-fw_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7804r-fw:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7804t-pl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7804t-pl:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7808r-pl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7808r-pl\(ep\):*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7808r-pl\(hdmi\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7808r-pl\(hdmi\):*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7808t-pl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7808t-pl:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7904r-fs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7904r-fs:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7904t-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7904t-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7904t-pl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7904t-pl:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7904t-pl-xpoe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7904t-plc-xpoe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7904t-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7904t-q:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd7908t-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7908t-q:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8004r-pl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8004r-pl\(ep\):*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8004r-yl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8004t-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8004t-q:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008r-pl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008r-pl:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008r-pl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008r-pl\(ep\):*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008r-yl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008ra-gl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008ra-glk_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008ra-ul\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008ra-ula_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008ra-ulk_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8008t-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008t-q:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8009s-ula-v2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8010s-kl-v2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016r-ul_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016r-ul:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016ra-k\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016ra-ul_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016ra-ul\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016ra-ula_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016ra-ulk_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016s-kl-v2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016s-ula-v2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8016t-q-v2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016t-q-v2:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8025r-ul_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8025r-ul:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8032h4-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8032h4-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8032h4-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8032h4-q:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8032h4-qe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8032h4-qe:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8032h4-ul_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8032h8-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8032h8-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8032h8-qe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8032h8-qe:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8032ra-ul-v2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8064h8-p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8064h8-p:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd80n16ra-kl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd80n16ra-kl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd80s08s-kl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd80s10s-kl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd80s16s-kl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd80s16s-kl\(ep\)_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd88x09s-kl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8904r-pl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8904r-pl:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8904r-yl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8904t-gsc-xpoe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8904t-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8904t-q:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8908r-pl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8908r-pl:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8908r-yl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8908r-yl:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8908t-pl-xpoe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8908t-plc-xpoe_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8916f4-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8916f4-q:*:*:*:*:*:*:*:*
- cpe:2.3:o:xiongmaitech:nbd8916f8-q_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8916f8-q:*:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80n16ra-kl:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd88x09s-kl:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80s08s-kl\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80s16s-kl\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80s10s-kl:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80s16s-kl:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016s-kl-v2:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8010s-kl-v2:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd80n16ra-kl\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016ra-k\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8032ra-ul-v2:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016s-ula-v2:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8009s-ula-v2:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008ra-ul\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016ra-ul\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008ra-ulk:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008ra-ula:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8904t-gsc-xpoe:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8908t-plc-xpoe:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8032h4-ul:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8908t-pl-xpoe:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7904t-plc-xpoe:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd7904t-pl-xpoe:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008ra-glk:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016ra-ulk:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016ra-ula:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8904r-yl:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8004r-yl\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8016ra-ul:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008ra-gl:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd8008r-yl\(ep\):-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:nbd6808t-pl:-:*:*:*:*:*:*:*
- cpe:2.3:h:xiongmaitech:mbd6304t:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45045
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-45045
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2022-45045
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-45045
-
https://vulncheck.com/blog/xiongmai-iot-exploitation
Xiongmai IoT Exploitation - Blog - VulnCheckExploit;Technical Description;Third Party Advisory
Jump to