Vulnerability CVE-2017-16725


Published: 2017-12-20

Description:
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Xiongmaitech
Product: Ahb7008t4-h-v2 
Version: _firmware;
Product: Ahb7804r-lm-v3 firmware 
Version: 4.02.r11.nat.onvifc.20171120;
Product: Ahb7808r-lm-v3 firmware 
Version: 4.02.r11.nat.onvifc.20171120;
Product: Ahb7804r-lms-v3 firmware 
Version: 4.02.r11.nat.onvifc.20171019;
Product: Ahb7808r-ms-v3 firmware 
Version: 4.02.r11.nat.onvifc.20170327;
Product: Ahb7804r-ms-v3 firmware 
Version: 4.02.r11.nat.onvifc.20170327;
Product: Ahb7004t-lme-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7032f2-lm-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7004t-g-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016t-mh-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016f8-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t-lm-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008f8-g-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7004t-mh-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7032f4-lm-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7004t-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016t4-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016t-lm-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016f2-gl-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t-lme-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t-gl-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7032f8-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7032f2-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016t-lme-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016f8-gl-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t-mh-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t-h-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7808r-mh-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7004t-mh-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7032f4-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7004t-gl-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016t-mh-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016t-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t4-h-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7804r-mh-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008f2-g-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7032f4-lm-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7004t-h-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016t4-mh-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7016f4-gl-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t-mh-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008t-gs-v3 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008f4-g-v4 firmware 
Version: 4.02.r11.7601;
Product: Ahb7032f8-lm-v2 firmware 
Version: 4.02.r11.7601;
Product: Ahb7008f2-h firmware 
Version: 4.02.r11.3070;
Product: Ahb7004t-lm-v3 firmware 
Version: 4.02.r11.3070;
Product: Ahb7008f4-h firmware 
Version: 4.02.r11.3070;
Product: Ahb7008t-lm-v3 firmware 
Version: 4.02.r11.3070;
Product: Ahb7008f8-h firmware 
Version: 4.02.r11.3070;
Product: Ahb7016t-lm-v3 firmware 
Version: 4.02.r11.3070;
Product: Ipg-50hv20psa-s firmware 
Product: Ipg-53hv13pa-wp firmware 
Product: Ipm-53v13pl-wr firmware 
Product: Ipg-50hv10pv-a firmware 
Product: Ipg-53h20pl-p firmware 
Product: Ipm-50v10pl-wrc firmware 
Product: Ipg-50h10pl-s firmware 
Product: Ipg-53h13pl-r firmware 
Product: Ipm-50h10pe-wrc firmware 
Product: Ipg-50h10pe-wp firmware 
Product: Ipg-53h13pes-sl firmware 
Product: Ipg-83h50p-b firmware 
Product: Ipg-53h13pe-s firmware 
Product: Ipg-83h20pl-b firmware 
Product: Ipg-53h10pe-s firmware 
Product: Ipg-80h20pt-a firmware 
Product: Ipg-50hv20psb-s firmware 
Product: Ipg-53x13pa-s firmware 
Product: Ivg-hp203y-se firmware 
Product: Ipg-50hv20pes-s firmware 
Product: Ipg-53h20py-s firmware 
Product: Ipm-53h13pe-wrc firmware 
Product: Ipg-50hv10pt-a firmware 
Product: Ipg-53h13pls-s firmware 
Product: Ipm-50hv10pt-wr firmware 
Product: Ipg-50h10pl-b firmware 
Product: Ipg-53h13pl-ae firmware 
Product: Ipg-hp500nr-s firmware 
Product: Ipg-50h10pe-sl firmware 
Product: Ipg-53h13pe-wk firmware 
Product: Ipg-83h40af firmware 
Product: Ipg-53h13p-b firmware 
Product: Ipg-80he20ps-s firmware 
Product: Ipg-50x10pt-s firmware 
Product: Ipg-53x13pt-s firmware 
Product: Ipg-50hv20pet-s firmware 
Product: Ipg-53hv13pa-s firmware 
Product: Ipm-53hv13pe-wr firmware 
Product: Ipg-50hv10pt-wp firmware 
Product: Ipg-53h20pl-b firmware 
Product: Ipm-50v10pl-wr firmware 
Product: Ipg-50h10pl-r firmware 
Product: Ipg-53h13pl-p firmware 
Product: Ipm-50h10pe-wr firmware 
Product: Ipg-50h10pe-wk firmware 
Product: Ipg-53h13pes-s firmware 
Product: Ipg-83h40pl-p firmware 
Product: Ipg-53h13p-s firmware 
Product: Ipg-83h20pa-s firmware 
Product: Ipg-52h10pl-p firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/102125
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01

Related CVE
CVE-2018-17919
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.
CVE-2018-17917
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported...
CVE-2018-17915
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal X...
CVE-2018-10088
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
CVE-2017-7577
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.

Copyright 2018, cxsecurity.com

 

Back to Top