CVE-2017-16725

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
xiongmaitechahb7008f8-h_firmware
4.02.r11.3070:r11.3070
xiongmaitechahb7008f4-h_firmware
4.02.r11.3070:r11.3070
xiongmaitechahb7008f2-h_firmware
4.02.r11.3070:r11.3070
xiongmaitechahb7008t-mh-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7004t-mh-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7004t-h-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016t-lm-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t-lm-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016t4-mh-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016t-mh-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t4-h-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t-h-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t-h-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7032f8-lm-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7032f4-lm-v2_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7808r-ms-v3_firmware
4.02.r11.nat.onvifc.20170327:r11.nat
xiongmaitechahb7804r-ms-v3_firmware
4.02.r11.nat.onvifc.20170327:r11.nat
xiongmaitechahb7016t-lm-v3_firmware
4.02.r11.3070:r11.3070
xiongmaitechahb7008t-lm-v3_firmware
4.02.r11.3070:r11.3070
xiongmaitechahb7004t-lm-v3_firmware
4.02.r11.3070:r11.3070
xiongmaitechahb7016t4-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016t-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7004t-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016t-mh-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t-mh-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7004t-mh-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t-gl-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7004t-gl-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7004t-g-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016f8-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016f8-gl-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016f4-gl-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016f2-gl-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7808r-lm-v3_firmware
4.02.r11.nat.onvifc.20171120:r11.nat
xiongmaitechahb7804r-lm-v3_firmware
4.02.r11.nat.onvifc.20171120:r11.nat
xiongmaitechahb7804r-lms-v3_firmware
4.02.r11.nat.onvifc.20171019:r11.nat
xiongmaitechahb7008f8-g-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008f4-g-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008f2-g-v4_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7032f4-lm-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7032f2-lm-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7032f8-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7032f4-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7032f2-gs-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7016t-lme-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7008t-lme-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7004t-lme-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7808r-mh-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechahb7804r-mh-v3_firmware
4.02.r11.7601:r11.7601
xiongmaitechipg-50h10pl-p_firmware
-
xiongmaitechipg-50h10pl-b_firmware
-
xiongmaitechipg-50h10pl-ae_firmware
-
xiongmaitechipg-50h10pl-s_firmware
-
xiongmaitechipg-52h10pl-p_firmware
-
xiongmaitechipg-52h10pl-b_firmware
-
xiongmaitechipg-53h13pet-s_firmware
-
xiongmaitechipg-53h13pls-s_firmware
-
xiongmaitechipg-53h13pes-s_firmware
-
xiongmaitechipg-53h13pes-sl_firmware
-
xiongmaitechipg-53h13pl-p_firmware
-
xiongmaitechipg-53h13pl-b_firmware
-
xiongmaitechipg-53h13pl-ae_firmware
-
xiongmaitechipg-53h13pl-s_firmware
-
xiongmaitechipg-53h13p-p_firmware
-
xiongmaitechipg-53h13p-b_firmware
-
xiongmaitechipg-53h13p-ae_firmware
-
xiongmaitechipg-53h13p-s_firmware
-
xiongmaitechipg-83h40pl-b_firmware
-
xiongmaitechipg-83h40pl-p_firmware
-
xiongmaitechipg-83h50p-p_firmware
-
xiongmaitechipg-83h50p-b_firmware
-
xiongmaitechipg-53h10pe-s_firmware
-
xiongmaitechipg-50h10pe-sl_firmware
-
xiongmaitechipg-50h10pe-s_firmware
-
xiongmaitechipm-50hv10pt-wr_firmware
-
xiongmaitechipm-50v10pl-wr_firmware
-
xiongmaitechipm-50h10pe-wr_firmware
-
xiongmaitechipg-54h13pe-s_firmware
-
xiongmaitechipg-54h20pl-s_firmware
-
xiongmaitechipg-50h10pl-r_firmware
-
xiongmaitechipg-54h20pl-s_firmware
-
xiongmaitechipm-50h10pe-o\(r\)_firmware
-
xiongmaitechipg-53h13pl-r_firmware
-
xiongmaitechipg-50h10pe-wp_firmware
-
xiongmaitechipg-50hv10pt-wp_firmware
-
xiongmaitechipg-53hv13pa-wp_firmware
-
xiongmaitechipg-53h13pe-wp_firmware
-
xiongmaitechipg-53h20pl-p_firmware
-
xiongmaitechipg-53h20pl-b_firmware
-
xiongmaitechipg-53h20pl-ae_firmware
-
xiongmaitechipg-53h20pl-s_firmware
-
xiongmaitechipg-50hv20pet-a_firmware
-
xiongmaitechipg-50hv20pet-s_firmware
-
xiongmaitechipg-50hv20pes-s_firmware
-
xiongmaitechipg-50h10pe-wk_firmware
-
xiongmaitechipg-53h13pe-wk_firmware
-
xiongmaitechipg-53h13pe-s_firmware
-
xiongmaitechipm-50h10pe-wrm_firmware
-
xiongmaitechipm-53h13pe-wrm_firmware
-
xiongmaitechipg-83h40af_firmware
-
xiongmaitechipm-50v10pl-wrc_firmware
-
xiongmaitechipm-50h10pe-wrc_firmware
-
xiongmaitechipg-50x10pt-s_firmware
-
xiongmaitechipg-50x10pe-s_firmware
-
xiongmaitechipg-53x13pt-s_firmware
-
xiongmaitechipg-53x13pa-s_firmware
-
xiongmaitechipg-53x13pe-s_firmware
-
xiongmaitechipm-53h13pe-wrc_firmware
-
xiongmaitechipm-53hv13pe-wr_firmware
-
xiongmaitechipm-53v13pl-wr_firmware
-
xiongmaitechipm-53h13pe-wr_firmware
-
xiongmaitechipg-50h10pe-wk-2f_firmware
-
xiongmaitechipg-83h20pl-p_firmware
-
xiongmaitechipg-83h20pl-b_firmware
-
xiongmaitechipg-53hv13pt-s_firmware
-
xiongmaitechipg-53hv13pt-s_firmware
-
xiongmaitechipg-53hv13pa-a_firmware
-
xiongmaitechipg-53hv13pa-s_firmware
-
xiongmaitechipm-50hv20pe-wr_firmware
-
xiongmaitechipg-50hv10pt-a_firmware
-
xiongmaitechipg-50hv10pt-s_firmware
-
xiongmaitechipg-50hv10pv-a_firmware
-
xiongmaitechipg-50hv10pv-s_firmware
-
xiongmaitechipg-80h20pt-a_firmware
-
xiongmaitechipg-80h20pt-s_firmware
-
xiongmaitechipg-50h20pt-s_firmware
-
xiongmaitechipg-53h20py-s_firmware
-
xiongmaitechipg-53h13pe-wk-4f_firmware
-
xiongmaitechipg-83h20pa-a_firmware
-
xiongmaitechipg-83h20pa-s_firmware
-
xiongmaitechipg-50hv20psa-s_firmware
-
xiongmaitechipg-50hv20psb-a_firmware
-
xiongmaitechipg-50hv20psb-s_firmware
-
xiongmaitechivg-hp203y-ae_firmware
-
xiongmaitechivg-hp203y-se_firmware
-
xiongmaitechipg-hp500nr-s_firmware
-
xiongmaitechipg-80he20ps-s_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102125
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01
http://www.securityfocus.com/bid/102125
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01