🛡️ CVE-2022-45045
🟠 CVSS 8.8 — High ⚠️ Exploit Public CWE-78 NVD

Description

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

Details

Severity HIGH
CVSS Score 8.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-78
Public Exploit ⚠️ Yes
Source NVD
Published 2022-12-01
Updated 2026-06-08
Modified 2025-04-24
Fix URL N/A

Affected Packages

Software (affected version range and fixed version not listed)
mbd6304t
mbd6304t-firmware
nbd6808t-pl
nbd6808t-pl-firmware
nbd7004t-p
nbd7004t-p-firmware
nbd7008t-p
nbd7008t-p-firmware
nbd7016t-f-v2
nbd7016t-f-v2-firmware
nbd7024h-p
nbd7024h-p-firmware
nbd7024t-p
nbd7024t-p-firmware
nbd7804r-f(ep)
nbd7804r-f(ep)-firmware
nbd7804r-f(hdmi)
nbd7804r-f(hdmi)-firmware
nbd7804r-fw
nbd7804r-fw-firmware
nbd7804t-pl
nbd7804t-pl-firmware
nbd7808r-pl(ep)
nbd7808r-pl(ep)-firmware
nbd7808r-pl(hdmi)
nbd7808r-pl(hdmi)-firmware
nbd7808t-pl
nbd7808t-pl-firmware
nbd7904r-fs
nbd7904r-fs-firmware
nbd7904t-p
nbd7904t-p-firmware
nbd7904t-pl
nbd7904t-pl-firmware
nbd7904t-pl-xpoe
nbd7904t-pl-xpoe-firmware
nbd7904t-plc-xpoe
nbd7904t-plc-xpoe-firmware
nbd7904t-q
nbd7904t-q-firmware
nbd7908t-q
nbd7908t-q-firmware
nbd8004r-pl(ep)
nbd8004r-pl(ep)-firmware
nbd8004r-yl(ep)
nbd8004r-yl(ep)-firmware
nbd8004t-q
nbd8004t-q-firmware
nbd8008r-pl
nbd8008r-pl-firmware
nbd8008r-pl(ep)
nbd8008r-pl(ep)-firmware
nbd8008r-yl(ep)
nbd8008r-yl(ep)-firmware
nbd8008ra-gl
nbd8008ra-gl-firmware
nbd8008ra-glk
nbd8008ra-glk-firmware
nbd8008ra-ul(ep)
nbd8008ra-ul(ep)-firmware
nbd8008ra-ula
nbd8008ra-ula-firmware
nbd8008ra-ulk
nbd8008ra-ulk-firmware
nbd8008t-q
nbd8008t-q-firmware
nbd8009s-ula-v2
nbd8009s-ula-v2-firmware
nbd8010s-kl-v2
nbd8010s-kl-v2-firmware
nbd8016r-ul
nbd8016r-ul-firmware
nbd8016ra-k(ep)
nbd8016ra-k(ep)-firmware
nbd8016ra-ul
nbd8016ra-ul-firmware
nbd8016ra-ul(ep)
nbd8016ra-ul(ep)-firmware
nbd8016ra-ula
nbd8016ra-ula-firmware
nbd8016ra-ulk
nbd8016ra-ulk-firmware
nbd8016s-kl-v2
nbd8016s-kl-v2-firmware
nbd8016s-ula-v2
nbd8016s-ula-v2-firmware
nbd8016t-q-v2
nbd8016t-q-v2-firmware
nbd8025r-ul
nbd8025r-ul-firmware
nbd8032h4-p
nbd8032h4-p-firmware
nbd8032h4-q
nbd8032h4-q-firmware
nbd8032h4-qe
nbd8032h4-qe-firmware
nbd8032h4-ul
nbd8032h4-ul-firmware
nbd8032h8-p
nbd8032h8-p-firmware
nbd8032h8-qe
nbd8032h8-qe-firmware
nbd8032ra-ul-v2
nbd8032ra-ul-v2-firmware
nbd8064h8-p
nbd8064h8-p-firmware
nbd80n16ra-kl
nbd80n16ra-kl-firmware
nbd80n16ra-kl(ep)
nbd80n16ra-kl(ep)-firmware
nbd80s08s-kl(ep)
nbd80s08s-kl(ep)-firmware
nbd80s10s-kl
nbd80s10s-kl-firmware
nbd80s16s-kl
nbd80s16s-kl-firmware
nbd80s16s-kl(ep)
nbd80s16s-kl(ep)-firmware
nbd80x09ra-kl
nbd80x09ra-kl-firmware
nbd80x09s-kl
nbd80x09s-kl-firmware
nbd88x09s-kl
nbd88x09s-kl-firmware
nbd8904r-pl
nbd8904r-pl-firmware
nbd8904r-yl
nbd8904r-yl-firmware
nbd8904t-gsc-xpoe
nbd8904t-gsc-xpoe-firmware
nbd8904t-q
nbd8904t-q-firmware
nbd8908r-pl
nbd8908r-pl-firmware
nbd8908r-yl
nbd8908r-yl-firmware
nbd8908t-pl-xpoe
nbd8908t-pl-xpoe-firmware
nbd8908t-plc-xpoe
nbd8908t-plc-xpoe-firmware
nbd8916f4-q
nbd8916f4-q-firmware
nbd8916f8-q
nbd8916f8-q-firmware

References

Exploit, Technical Description, Third Party Advisory https://vulncheck.com/blog/xiongmai-iot-exploitation
