SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-444502676] Xiongmai Technology IP Cameras and DVRs

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-12-07OtherXiongmai TechnologyIndependent researcher Clinton Mielke reported this vulnerability to ICS-CERT.N/ACVE-2017-1672 N/AN/AN/A

Source

						
							
								
#

# Xiongmai Technology IP Cameras and DVRs

#





### VULNERABLE VENDOR

Xiongmai Technology





### VULNERABLE PRODUCT

IP Cameras and DVRs 





### RESEARCHER

Independent researcher Clinton Mielke reported this vulnerability to ICS-CERT.





### AFFECTED PRODUCTS

The following versions of Xiongmai Technology IP cameras and DVRs are affected:



All IP Cameras and DVRs using the NetSurveillance Web interface





### IMPACT

Successful exploitation of this vulnerability could cause the device to reboot and return to a more vulnerable state in which Telnet is accessible.





### VULNERABILITY OVERVIEW

STACK-BASED BUFFER OVERFLOW CWE-121

The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device.

After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.

CVE-2017-16725 has been assigned to this vulnerability.

A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)











### BACKGROUND

Critical Infrastructure Sector: Unknown

Countries/Areas Deployed: Worldwide

Company Headquarters Location: China









### MITIGATION



Xiongmai Technology has not responded to requests to coordinate.