CVE-2020-22253
Published 2022-04-06
Priority: P3 · 58 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.06% (60.2th percentile)
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xiongmaitech | ahb7008t-mh-v2_firmware | — | — |
| xiongmaitech | ahb7804r-els_firmware | — | — |
| xiongmaitech | ahb7804r-lms_firmware | — | — |
| xiongmaitech | ahb7804r-mh-v2_firmware | — | — |
| xiongmaitech | ahb7808r-ms-v2_firmware | — | — |
| xiongmaitech | ahb7808r-ms_firmware | — | — |
| xiongmaitech | ahb7808t-ms-v2_firmware | — | — |
| xiongmaitech | hi3518e_50h10l_s39_firmware | — | — |
CVSS provenance
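| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |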
Suricata
ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Auth - Possilbe CVE-2020-22253 Attempt
suricata·2022-12-02·CVSS 9.8
Rule: alert tcp-pkt $HOME_NET 9530 -> any any (msg:"ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Auth - Possilbe CVE-2020-22253 Attempt"; flow:established,to_client; flowbits:isset,ET.CVE-2020-22253; flowbits:set,ET.CVE-2020-22253_stage2; content:"verify:OK"; reference:url,habr.com/en/post/486856/; reference:url,vulncheck.com/blog/xiongmai-iot-exploitation; reference:url,github.com/tothi/hs-dvr-telnet; reference:cve,2020-22253; classtype:successful-admin; sid:2041647; rev:1; metadata:attack_target IoT, created_at 2022_12_02, cve CVE_2020_22253, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_12_02;)
Suricata
ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Telnet Opening - Successful CVE-2020-22253 Attempt
suricata·2022-12-02·CVSS 9.8
Rule: alert tcp-pkt $HOME_NET 9530 -> any any (msg:"ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Telnet Opening - Successful CVE-2020-22253 Attempt"; flow:established,to_client; flowbits:isset,ET.CVE-2020-22253; flowbits:isset,ET.CVE-2020-22253_stage2; content:"Open:OK"; reference:url,habr.com/en/post/486856/; reference:url,vulncheck.com/blog/xiongmai-iot-exploitation; reference:url,github.com/tothi/hs-dvr-telnet; reference:cve,2020-22253; classtype:successful-admin; sid:2041648; rev:1; metadata:attack_target IoT, created_at 2022_12_02, cve CVE_2020_22253, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_12_02;)
Suricata
ET EXPLOIT Xiongmai/HiSilicon DVR - OpenTelnet Inbound - Possilbe CVE-2020-22253 Attempt
suricata·2022-12-02·CVSS 9.8
Rule: alert tcp-pkt any any -> $HOME_NET 9530 (msg:"ET EXPLOIT Xiongmai/HiSilicon DVR - OpenTelnet Inbound - Possilbe CVE-2020-22253 Attempt"; flow:established,to_server; flowbits:set,ET.CVE-2020-22253; flowbits:noalert; stream_size:server,<,5; dsize:20; content:"|13|OpenTelnet:OpenOnce"; reference:url,habr.com/en/post/486856/; reference:url,vulncheck.com/blog/xiongmai-iot-exploitation; reference:url,github.com/tothi/hs-dvr-telnet; reference:cve,2020-22253; classtype:attempted-recon; sid:2041646; rev:2; metadata:attack_target IoT, created_at 2022_12_02, cve CVE_2020_22253, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-06