Skip to main content

Ahb7008F8 H Firmware CVE-2017-16725

CRITICAL
Buffer Overflow (CWE-119)
2017-12-20 ics-cert@hq.dhs.gov
Buffer Overflow Ahb7008F8 H Firmware Ahb7008F4 H Firmware Ahb7008F2 H Firmware Ahb7008T Mh V2 Firmware Ahb7004T Mh V2 Firmware Ahb7004T H V2 Firmware Ahb7016T Lm V2 Firmware Ahb7008T Lm V2 Firmware Ahb7016T4 Mh V2 Firmware Ahb7016T Mh V2 Firmware Ahb7008T4 H V2 Firmware Ahb7008T H V2 Firmware Ahb7008T4 H V2 Ahb7032F8 Lm V2 Firmware Ahb7032F4 Lm V2 Firmware Ahb7808R Ms V3 Firmware Ahb7804R Ms V3 Firmware Ahb7016T Lm V3 Firmware Ahb7008T Lm V3 Firmware Ahb7004T Lm V3 Firmware Ahb7016T4 Gs V3 Firmware Ahb7016T Gs V3 Firmware Ahb7008T Gs V3 Firmware Ahb7004T Gs V3 Firmware Ahb7016T Mh V3 Firmware Ahb7008T Mh V3 Firmware Ahb7004T Mh V3 Firmware Ahb7008T Gl V4 Firmware Ahb7004T Gl V4 Firmware Ahb7004T G V4 Firmware Ahb7016F8 Gs V3 Firmware Ahb7016F8 Gl V4 Firmware Ahb7016F4 Gl V4 Firmware Ahb7016F2 Gl V4 Firmware Ahb7808R Lm V3 Firmware Ahb7804R Lm V3 Firmware Ahb7804R Lms V3 Firmware Ahb7008F8 G V4 Firmware Ahb7008F4 G V4 Firmware Ahb7008F2 G V4 Firmware Ahb7032F4 Lm V3 Firmware Ahb7032F2 Lm V3 Firmware Ahb7032F8 Gs V3 Firmware Ahb7032F4 Gs V3 Firmware Ahb7032F2 Gs V3 Firmware Ahb7016T Lme V3 Firmware Ahb7008T Lme V3 Firmware Ahb7004T Lme V3 Firmware Ahb7808R Mh V3 Firmware Ahb7804R Mh V3 Firmware Ipg 50H10Pl P Firmware Ipg 50H10Pl B Firmware Ipg 50H10Pl Ae Firmware Ipg 50H10Pl S Firmware Ipg 52H10Pl P Firmware Ipg 52H10Pl B Firmware Ipg 53H13Pet S Firmware Ipg 53H13Pls S Firmware Ipg 53H13Pes S Firmware Ipg 53H13Pes Sl Firmware Ipg 53H13Pl P Firmware Ipg 53H13Pl B Firmware Ipg 53H13Pl Ae Firmware Ipg 53H13Pl S Firmware Ipg 53H13P P Firmware Ipg 53H13P B Firmware Ipg 53H13P Ae Firmware Ipg 53H13P S Firmware Ipg 83H40Pl B Firmware Ipg 83H40Pl P Firmware Ipg 83H50P P Firmware Ipg 83H50P B Firmware Ipg 53H10Pe S Firmware Ipg 50H10Pe Sl Firmware Ipg 50H10Pe S Firmware Ipm 50Hv10Pt Wr Firmware Ipm 50V10Pl Wr Firmware Ipm 50H10Pe Wr Firmware Ipg 54H13Pe S Firmware Ipg 54H20Pl S Firmware Ipg 50H10Pl R Firmware Ipm 50H10Pe O R Firmware Ipg 53H13Pl R Firmware Ipg 50H10Pe Wp Firmware Ipg 50Hv10Pt Wp Firmware Ipg 53Hv13Pa Wp Firmware Ipg 53H13Pe Wp Firmware Ipg 53H20Pl P Firmware Ipg 53H20Pl B Firmware Ipg 53H20Pl Ae Firmware Ipg 53H20Pl S Firmware Ipg 50Hv20Pet A Firmware Ipg 50Hv20Pet S Firmware Ipg 50Hv20Pes S Firmware Ipg 50H10Pe Wk Firmware Ipg 53H13Pe Wk Firmware Ipg 53H13Pe S Firmware Ipm 50H10Pe Wrm Firmware Ipm 53H13Pe Wrm Firmware Ipg 83H40Af Firmware Ipm 50V10Pl Wrc Firmware Ipm 50H10Pe Wrc Firmware Ipg 50X10Pt S Firmware Ipg 50X10Pe S Firmware Ipg 53X13Pt S Firmware Ipg 53X13Pa S Firmware Ipg 53X13Pe S Firmware Ipm 53H13Pe Wrc Firmware Ipm 53Hv13Pe Wr Firmware Ipm 53V13Pl Wr Firmware Ipm 53H13Pe Wr Firmware Ipg 50H10Pe Wk 2F Firmware Ipg 83H20Pl P Firmware Ipg 83H20Pl B Firmware Ipg 53Hv13Pt S Firmware Ipg 53Hv13Pa A Firmware Ipg 53Hv13Pa S Firmware Ipm 50Hv20Pe Wr Firmware Ipg 50Hv10Pt A Firmware Ipg 50Hv10Pt S Firmware Ipg 50Hv10Pv A Firmware Ipg 50Hv10Pv S Firmware Ipg 80H20Pt A Firmware Ipg 80H20Pt S Firmware Ipg 50H20Pt S Firmware Ipg 53H20Py S Firmware Ipg 53H13Pe Wk 4F Firmware Ipg 83H20Pa A Firmware Ipg 83H20Pa S Firmware Ipg 50Hv20Psa S Firmware Ipg 50Hv20Psb A Firmware Ipg 50Hv20Psb S Firmware Ivg Hp203Y Ae Firmware Ivg Hp203Y Se Firmware Ipg Hp500Nr S Firmware Ipg 80He20Ps S Firmware
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 20, 2017 - 19:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.

AnalysisAI

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible. Affected products include: Xiongmaitech Ahb7008F8-H Firmware, Xiongmaitech Ahb7008F4-H Firmware, Xiongmaitech Ahb7008F2-H Firmware, Xiongmaitech Ahb7008T-Mh-V2 Firmware, Xiongmaitech Ahb7004T-Mh-V2 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

Share

CVE-2017-16725 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy