CVE-2017-16725
Published: 2017-12-20
Priority: P270 · critical · 9.8 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 9.22% (94.7th percentile)
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.
Affected (53 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xiongmaitech | ahb7004t-g-v4_firmware | — | — |
| xiongmaitech | ahb7004t-gl-v4_firmware | — | — |
| xiongmaitech | ahb7004t-gs-v3_firmware | — | — |
| xiongmaitech | ahb7004t-h-v2_firmware | — | — |
| xiongmaitech | ahb7004t-lm-v3_firmware | — | — |
| xiongmaitech | ahb7004t-lme-v3_firmware | — | — |
| xiongmaitech | ahb7004t-mh-v2_firmware | — | — |
| xiongmaitech | ahb7004t-mh-v3_firmware | — | — |
| xiongmaitech | ahb7008f2-g-v4_firmware | — | — |
| xiongmaitech | ahb7008f2-h_firmware | — | — |
| xiongmaitech | ahb7008f4-g-v4_firmware | — | — |
| xiongmaitech | ahb7008f4-h_firmware | — | — |
| xiongmaitech | ahb7008f8-g-v4_firmware | — | — |
| xiongmaitech | ahb7008f8-h_firmware | — | — |
| xiongmaitech | ahb7008t-gl-v4_firmware | — | — |
| xiongmaitech | ahb7008t-gs-v3_firmware | — | — |
| xiongmaitech | ahb7008t-h-v2_firmware | — | — |
| xiongmaitech | ahb7008t-lm-v2_firmware | — | — |
| xiongmaitech | ahb7008t-lm-v3_firmware | — | — |
| xiongmaitech | ahb7008t-lme-v3_firmware | — | — |
| xiongmaitech | ahb7008t-mh-v2_firmware | — | — |
| xiongmaitech | ahb7008t-mh-v3_firmware | — | — |
| xiongmaitech | ahb7008t4-h-v2 | — | — |
| xiongmaitech | ahb7008t4-h-v2_firmware | — | — |
| xiongmaitech | ahb7016f2-gl-v4_firmware | — | — |
Detection & IOCs (extracted from sources)
- version: uc-httpd 1.0.0
- other: Server: uc-httpd
- other: cpe:2.3:a:xiongmaitech:uc-httpd:1.0.0:*:*:*:*:*:*:*
- Detect vulnerable uc-httpd servers by checking HTTP response headers for 'uc-httpd' in the Server field and version <= 1.0.0
- Extract server version from HTTP response header using regex pattern matching 'Server: uc-httpd/<version>'
- Shodan query can be used to identify exposed uc-httpd instances: cpe:"cpe:2.3:a:xiongmaitech:uc-httpd"
- CVE-2017-16725 affects all Xiongmai IP Cameras and DVRs using the NetSurveillance Web interface; successful exploitation may cause device reboot and re-enable Telnet access
- The vulnerability is triggered via a crafted HTTP request with a long URI passed to a sprintf call (stack-based buffer overflow); monitor for abnormally long HTTP URI requests to Xiongmai web interfaces
- CVE-2017-16725 affects ALL IP Cameras and DVRs using the NetSurveillance Web interface; scope is not limited to a specific firmware version
- CVE-2017-16725 and CVE-2018-10088 are distinct vulnerabilities in uc-httpd 1.0.0; CVE-2022-45460 may overlap CVE-2017-16725 but is a separate finding targeting Xiongmai NVR devices
- No known public exploits specifically targeted CVE-2017-16725 at time of the ICS-CERT advisory (December 2017)
- After exploitation and reboot, the device restores to a more vulnerable state with Telnet enabled; post-exploitation Telnet activity should be monitored
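The two detection ideas above (fingerprint the Server header and compare the uc-httpd version against 1.0.0; flag abnormally long request URIs in web-server logs) as one runnable defender-side check. This is an added example written for this page, not code from any of the cited sources or from Xiongmai. The HTTP response head and the access-log lines are constructed samples, and the 512-character URI threshold is an assumed tuning value, not a figure from the advisory.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: the head of an HTTP response in the form the page's
# IOCs describe ("Server: uc-httpd", version "uc-httpd 1.0.0"). Not real traffic.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: uc-httpd 1.0.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample access-log lines in Common Log Format. The second line
# carries a 1201-character URI, the kind of request the page says to watch for.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Dec/2017:10:00:01 +0000] "GET /login.htm HTTP/1.1" 200 512',
    '10.0.0.9 - - [20/Dec/2017:10:00:07 +0000] "GET /' + "A" * 1200 + ' HTTP/1.1" 500 0',
    '10.0.0.5 - - [20/Dec/2017:10:00:09 +0000] "GET /cgi-bin/snapshot.cgi HTTP/1.1" 200 20480',
]

# Accept both "Server: uc-httpd 1.0.0" and "Server: uc-httpd/1.0.0".
UC_HTTPD_RE = re.compile(r"^Server:\s*uc-httpd\b", re.IGNORECASE | re.MULTILINE)
UC_HTTPD_VERSION_RE = re.compile(
    r"^Server:\s*uc-httpd[/ ]?(\d+(?:\.\d+)*)", re.IGNORECASE | re.MULTILINE
)
REQUEST_LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/\d\.\d"')

# Assumed threshold; tune to the longest legitimate path the web UI serves.
LONG_URI_THRESHOLD = 512


def is_uc_httpd(response_head: str) -> bool:
    """True when the Server header names uc-httpd, with or without a version."""
    return UC_HTTPD_RE.search(response_head) is not None


def parse_uc_httpd_version(response_head: str) -> Optional[str]:
    """Return the uc-httpd version string from the Server header, or None."""
    m = UC_HTTPD_VERSION_RE.search(response_head)
    return m.group(1) if m else None


def version_tuple(version: str) -> Tuple[int, ...]:
    """'1.0.0' -> (1, 0, 0) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable_uc_httpd(version: Optional[str]) -> bool:
    """Apply the page's rule: uc-httpd with version <= 1.0.0 is in scope."""
    if version is None:
        return False
    return version_tuple(version) <= (1, 0, 0)


def long_uri_events(log_lines: List[str], threshold: int = LONG_URI_THRESHOLD) -> List[Tuple[str, int]]:
    """Return (truncated_uri, length) for each request whose URI exceeds threshold."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE_RE.search(line)
        if m is None:
            continue
        uri = m.group("uri")
        if len(uri) > threshold:
            hits.append((uri[:32] + "...", len(uri)))
    return hits


if __name__ == "__main__":
    version = parse_uc_httpd_version(SAMPLE_RESPONSE)
    print("uc-httpd present:", is_uc_httpd(SAMPLE_RESPONSE))
    print("version:", version, "in affected range:", is_vulnerable_uc_httpd(version))
    for uri, length in long_uri_events(SAMPLE_LOG):
        print(f"long URI ({length} chars): {uri}")
```

A Server header with no version still counts as a uc-httpd hit (`is_uc_httpd`), which matters because the page lists the bare `Server: uc-httpd` string as an indicator; the version check is layered on top rather than replacing it.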
CVSS provenance
- NVD (v3.0): 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD (v2.0): 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-pm7h-vr37-wmc9 (CVE-2022-45460, CRITICAL, CWE-787): Multiple Xiongmai NVR devices, including MBD6304T V4
ghsa_unreviewed · 2023-03-29 · CVSS 9.8
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.
GHSA
GHSA-qr7g-vf43-mfwf (CVE-2017-16725, CRITICAL, CWE-119): A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface
ghsa_unreviewed · 2022-05-14
GHSA
GHSA-3h69-fjjv-586m (CVE-2018-10088, CRITICAL, CWE-119): Buffer overflow in XiongMai uc-httpd 1
ghsa_unreviewed · 2022-05-14 · CVSS 9.8
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
VulnCheck
CVE-2018-10088 (CRITICAL): xiongmaitech uc-httpd Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck · 2018 · CVSS 9.8
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
Affected: xiongmaitech uc-httpd
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://blog.netlab.360.com/botnets-never-die-satori-refuses-to-fade-away-en/
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
- https://cybersecurity.att.com/blogs/la
CISA ICS
Xiongmai Technology IP Cameras and DVRs
cisa_ics · 2017-12-07
ICS Advisory
## Xiongmai Technology IP Cameras and DVRs
Last Revised: December 07, 2017
Alert Code: ICSA-17-341-01
## CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Xiongmai Technology
Equipment: IP Cameras and DVRs
Vulnerability: Stack-based Buffer Overflow
## AFFECTED PRODUCTS
The following versions of Xiongmai Technology IP cameras and DVRs are affected:
- All IP Cameras and DVRs using the NetSurveillance Web interface.
## IMPACT
Successful exploitation of this vulnerability could cause the device to reboot and return to a more vulnerable state in which T
No detection rules found.
Nuclei
CVE-2018-10088 (CRITICAL): XiongMai uc-httpd 1.0.0 - Buffer Overflow
nuclei · CVSS 9.8
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
Template:
```yaml
id: CVE-2018-10088

info:
  name: XiongMai uc-httpd 1.0.0 - Buffer Overflow
  author: 0x_Akoko
  severity: critical
  description: |
    Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
  impact: |
    Potential for remote code execution or denial of service when successfully exploited.
  remediation: |
    Update to the latest version of uc-httpd or apply security patches provided by the vendor.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10088
    - https://www.exploit-db.com/exploits/44864
    - https://github.com/bitfu/uc-httpd-1.0.0-buffe
```