Strix
26.1K

CVE-2022-45045

HIGHCVSS 8.8/10EPSS 1.24%

Last modified

CVE-2022-45045 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. EPSS estimates a 1.24% chance of exploitation in the next 30 days.

Description

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.24%

65.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
XiongmaitechMbd6304tAll versions
XiongmaitechNbd6808t-PlAll versions
XiongmaitechNbd7004t-PAll versions
XiongmaitechNbd7008t-PAll versions
XiongmaitechNbd7016t-F-V2All versions
XiongmaitechNbd7024h-PAll versions
XiongmaitechNbd7024t-PAll versions
XiongmaitechNbd7804r-F\(Ep\)All versions
XiongmaitechNbd7804r-F\(Hdmi\)All versions
XiongmaitechNbd7804r-FwAll versions
XiongmaitechNbd7804t-PlAll versions
XiongmaitechNbd7808r-Pl\(Ep\)All versions
XiongmaitechNbd7808r-Pl\(Hdmi\)All versions
XiongmaitechNbd7808t-PlAll versions
XiongmaitechNbd7904r-FsAll versions
XiongmaitechNbd7904t-PAll versions
XiongmaitechNbd7904t-PlAll versions
XiongmaitechNbd7904t-Pl-XpoeAll versions
XiongmaitechNbd7904t-Plc-XpoeAll versions
XiongmaitechNbd7904t-QAll versions
XiongmaitechNbd7908t-QAll versions
XiongmaitechNbd8004r-Pl\(Ep\)All versions
XiongmaitechNbd8004r-Yl\(Ep\)All versions
XiongmaitechNbd8004t-QAll versions
XiongmaitechNbd8008r-PlAll versions
XiongmaitechNbd8008r-Pl\(Ep\)All versions
XiongmaitechNbd8008r-Yl\(Ep\)All versions
XiongmaitechNbd8008ra-GlAll versions
XiongmaitechNbd8008ra-GlkAll versions
XiongmaitechNbd8008ra-Ul\(Ep\)All versions
XiongmaitechNbd8008ra-UlaAll versions
XiongmaitechNbd8008ra-UlkAll versions
XiongmaitechNbd8008t-QAll versions
XiongmaitechNbd8009s-Ula-V2All versions
XiongmaitechNbd8010s-Kl-V2All versions
XiongmaitechNbd8016r-UlAll versions
XiongmaitechNbd8016ra-K\(Ep\)All versions
XiongmaitechNbd8016ra-UlAll versions
XiongmaitechNbd8016ra-Ul\(Ep\)All versions
XiongmaitechNbd8016ra-UlaAll versions
XiongmaitechNbd8016ra-UlkAll versions
XiongmaitechNbd8016s-Kl-V2All versions
XiongmaitechNbd8016s-Ula-V2All versions
XiongmaitechNbd8016t-Q-V2All versions
XiongmaitechNbd8025r-UlAll versions
XiongmaitechNbd8032h4-PAll versions
XiongmaitechNbd8032h4-QAll versions
XiongmaitechNbd8032h4-QeAll versions
XiongmaitechNbd8032h4-UlAll versions
XiongmaitechNbd8032h8-PAll versions

Showing 50 of 144 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-45045?
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
How severe is CVE-2022-45045?
CVE-2022-45045 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.24% probability of exploitation in the next 30 days.
How do I fix CVE-2022-45045?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-45045?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST