CVE-2026-34005

EUVD-2026-17041 | HIGH 8.8 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 29, 2026 - 17:22 (vuln.today)
EUVD ID Assigned: Mar 29, 2026 - 17:22 (euvd), EUVD-2026-17041
CVE Published: Mar 29, 2026 - 17:16 (nvd), HIGH 8.8

Description

In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur through shell metacharacters in the HostName value of an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.

Analysis

Remote code execution with root privileges affects Xiongmai DVR/NVR devices (models AHB7008T-MH-V2 and NBD7024H-P running firmware 4.03.R11) via authenticated OS command injection through the proprietary DVRIP protocol on TCP port 34567. Low-privileged authenticated attackers can inject shell metacharacters into the HostName parameter of NetWork.NetCommon configuration requests, achieving full system compromise due to unsafe system() function usage. …


Remediation

24 hours: Inventory all Xiongmai DVR/NVR devices and document firmware versions; restrict network access to port 34567 via firewall rules to trusted administrative sources only.

7 days: Disable remote access to affected devices where operationally feasible; audit all administrative accounts and reset credentials for devices running firmware 4.03.R11 on AHB7008T-MH-V2 and NBD7024H-P models; implement network segmentation isolating DVR/NVR systems from critical business networks. …


Priority Score

44
KEV: 0
EPSS: +0.1
CVSS: +44
POC: 0
