cbcvebase.
CVE-2017-16725
published 2017-12-20


Priority: P270, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 9.22% (94.7th percentile)
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.

Affected

53 ranges · showing 25
Vendor        Product                         Version range  Fixed in
xiongmaitech  ahb7004t-g-v4_firmware
xiongmaitech  ahb7004t-gl-v4_firmware
xiongmaitech  ahb7004t-gs-v3_firmware
xiongmaitech  ahb7004t-h-v2_firmware
xiongmaitech  ahb7004t-lm-v3_firmware
xiongmaitech  ahb7004t-lme-v3_firmware
xiongmaitech  ahb7004t-mh-v2_firmware
xiongmaitech  ahb7004t-mh-v3_firmware
xiongmaitech  ahb7008f2-g-v4_firmware
xiongmaitech  ahb7008f2-h_firmware
xiongmaitech  ahb7008f4-g-v4_firmware
xiongmaitech  ahb7008f4-h_firmware
xiongmaitech  ahb7008f8-g-v4_firmware
xiongmaitech  ahb7008f8-h_firmware
xiongmaitech  ahb7008t-gl-v4_firmware
xiongmaitech  ahb7008t-gs-v3_firmware
xiongmaitech  ahb7008t-h-v2_firmware
xiongmaitech  ahb7008t-lm-v2_firmware
xiongmaitech  ahb7008t-lm-v3_firmware
xiongmaitech  ahb7008t-lme-v3_firmware
xiongmaitech  ahb7008t-mh-v2_firmware
xiongmaitech  ahb7008t-mh-v3_firmware
xiongmaitech  ahb7008t4-h-v2
xiongmaitech  ahb7008t4-h-v2_firmware
xiongmaitech  ahb7016f2-gl-v4_firmware

Detection & IOCs (extracted from sources)

version: uc-httpd 1.0.0
other: Server: uc-httpd
other: cpe:2.3:a:xiongmaitech:uc-httpd:1.0.0:*:*:*:*:*:*:*
  • Detect vulnerable uc-httpd servers by checking HTTP response headers for 'uc-httpd' in the Server field and version <= 1.0.0
  • Extract server version from HTTP response header using regex pattern matching 'Server: uc-httpd/<version>'
  • Shodan query can be used to identify exposed uc-httpd instances: cpe:"cpe:2.3:a:xiongmaitech:uc-httpd"
  • CVE-2017-16725 affects all Xiongmai IP Cameras and DVRs using the NetSurveillance Web interface; successful exploitation may cause device reboot and re-enable Telnet access
  • The vulnerability is triggered via a crafted HTTP request with a long URI passed to a sprintf call (stack-based buffer overflow); monitor for abnormally long HTTP URI requests to Xiongmai web interfaces
  • CVE-2017-16725 affects ALL IP Cameras and DVRs using the NetSurveillance Web interface — scope is not limited to a specific firmware version
  • CVE-2017-16725 and CVE-2018-10088 are distinct vulnerabilities in uc-httpd 1.0.0; CVE-2022-45460 may overlap CVE-2017-16725 but is a separate finding targeting Xiongmai NVR devices
  • No known public exploits specifically targeted CVE-2017-16725 at time of the ICS-CERT advisory (December 2017)
  • After exploitation and reboot, the device restores to a more vulnerable state with Telnet enabled — post-exploitation Telnet activity should be monitored
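
The two checks listed above (Server-header fingerprinting and long-URI monitoring), as an added example that is not part of the original entry or of any vendor tooling. The log line format, the host inventory, the sample data and the 512-byte URI threshold are assumptions; the entry gives no length value.

```python
import re

# Header form from the entry: "Server: uc-httpd/<version>"; the version may be absent.
SERVER_RE = re.compile(
    r"^Server:\s*uc-httpd(?:[/ ]([0-9]+(?:\.[0-9]+)*))?\s*$", re.I | re.M)
AFFECTED_MAX = (1, 0, 0)   # entry: flag uc-httpd version <= 1.0.0
URI_LEN_THRESHOLD = 512    # assumption: tune to the longest legitimate URI you see

# Assumed proxy/flow log format: src -> dst "METHOD URI HTTP/x.y" status
REQ_RE = re.compile(r'^(\S+) -> (\S+) "([A-Z]+) (\S*) HTTP/[\d.]+"')


def classify_server(raw_headers):
    """Return 'not-uc-httpd', 'unknown-version', 'affected' or 'newer'."""
    m = SERVER_RE.search(raw_headers)
    if not m:
        return "not-uc-httpd"
    if m.group(1) is None:
        return "unknown-version"   # no version advertised: triage as affected
    version = tuple(int(p) for p in m.group(1).split("."))
    version += (0,) * (3 - len(version))   # so "1.0" compares equal to "1.0.0"
    return "affected" if version <= AFFECTED_MAX else "newer"


def long_uri_events(log_lines, device_hosts, threshold=URI_LEN_THRESHOLD):
    """Return (src, dst, uri_length) for over-long requests sent to known devices."""
    hits = []
    for line in log_lines:
        m = REQ_RE.match(line)
        if m and m.group(2) in device_hosts and len(m.group(4)) > threshold:
            hits.append((m.group(1), m.group(2), len(m.group(4))))
    return hits


# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_HEADERS = "HTTP/1.0 200 OK\r\nServer: uc-httpd/1.0.0\r\nContent-Type: text/html\r\n"
DEVICE_HOSTS = {"192.0.2.10"}
SAMPLE_LOG = [
    '198.51.100.7 -> 192.0.2.10 "GET /login.htm HTTP/1.1" 200',
    '198.51.100.9 -> 192.0.2.10 "GET /' + "x" * 600 + ' HTTP/1.1" -',
    '198.51.100.9 -> 192.0.2.99 "GET /' + "x" * 600 + ' HTTP/1.1" 404',
]

if __name__ == "__main__":
    print(classify_server(SAMPLE_HEADERS))
    for src, dst, n in long_uri_events(SAMPLE_LOG, DEVICE_HOSTS):
        print(f"long URI ({n} bytes) from {src} to {dst}: then watch {dst} for Telnet (23/tcp)")
```

A hit from `long_uri_events` followed by the device going quiet and then answering on Telnet matches the reboot behaviour the entry describes.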

CVSS provenance

nvd        v3.0  9.8   CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd        v2.0  10.0  CRITICAL  AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck        9.8   CRITICAL