CVE-2017-16725

Name: CVE-2017-16725
Creator: NVD / NIST
Published: 2017-12-20T19:29:00.257+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 9.22%

Last modified Jun 17, 2026

CVE-2017-16725 is a vulnerability of currently unknown severity. A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. EPSS estimates a 9.22% chance of exploitation in the next 30 days.

Description

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.

Metrics

EPSS Probability

9.22%

94.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Xiongmaitech	Ahb7008f8-H Firmware	4.02.r11.3070	—
Xiongmaitech	Ahb7008f4-H Firmware	4.02.r11.3070	—
Xiongmaitech	Ahb7008f2-H Firmware	4.02.r11.3070	—
Xiongmaitech	Ahb7008t-Mh-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7004t-Mh-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7004t-H-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016t-Lm-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t-Lm-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016t4-Mh-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016t-Mh-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t4-H-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t-H-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t4-H-V2	_firmware	4.02.R11.7601
Xiongmaitech	Ahb7032f8-Lm-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7032f4-Lm-V2 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7808r-Ms-V3 Firmware	4.02.r11.nat.onvifc.20170327	—
Xiongmaitech	Ahb7804r-Ms-V3 Firmware	4.02.r11.nat.onvifc.20170327	—
Xiongmaitech	Ahb7016t-Lm-V3 Firmware	4.02.r11.3070	—
Xiongmaitech	Ahb7008t-Lm-V3 Firmware	4.02.r11.3070	—
Xiongmaitech	Ahb7004t-Lm-V3 Firmware	4.02.r11.3070	—
Xiongmaitech	Ahb7016t4-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016t-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7004t-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016t-Mh-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t-Mh-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7004t-Mh-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t-Gl-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7004t-Gl-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7004t-G-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016f8-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016f8-Gl-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016f4-Gl-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016f2-Gl-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7808r-Lm-V3 Firmware	4.02.r11.nat.onvifc.20171120	—
Xiongmaitech	Ahb7804r-Lm-V3 Firmware	4.02.r11.nat.onvifc.20171120	—
Xiongmaitech	Ahb7804r-Lms-V3 Firmware	4.02.r11.nat.onvifc.20171019	—
Xiongmaitech	Ahb7008f8-G-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008f4-G-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008f2-G-V4 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7032f4-Lm-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7032f2-Lm-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7032f8-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7032f4-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7032f2-Gs-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7016t-Lme-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7008t-Lme-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7004t-Lme-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7808r-Mh-V3 Firmware	4.02.r11.7601	—
Xiongmaitech	Ahb7804r-Mh-V3 Firmware	4.02.r11.7601	—

Showing 50 of 136 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/102125Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/102125Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01Third Party Advisory, US Government Resource

Timeline

Published: Dec 20, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-16725?

How severe is CVE-2017-16725?

Severity scoring for CVE-2017-16725 is pending analysis. The EPSS model estimates a 9.22% probability of exploitation in the next 30 days.

How do I fix CVE-2017-16725?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-16725?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST