Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Xiongmaitech Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41506 1 Xiongmaitech 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more 2023-08-08 10.0 HIGH 9.8 CRITICAL
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
CVE-2018-17915 1 Xiongmaitech 1 Xmeye P2p Cloud Server 2019-10-09 6.4 MEDIUM 9.8 CRITICAL
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
CVE-2017-7577 1 Xiongmaitech 1 Uc-httpd 2018-09-10 5.0 MEDIUM 9.8 CRITICAL
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.
CVE-2018-10088 1 Xiongmaitech 1 Uc-httpd 2018-07-31 10.0 HIGH 9.8 CRITICAL
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
CVE-2017-16725 1 Xiongmaitech 269 Ahb7004t-g-v4, Ahb7004t-g-v4 Firmware, Ahb7004t-gl-v4 and 266 more 2018-01-12 10.0 HIGH 9.8 CRITICAL
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.