CVE-2022-45460

Published: Mar 28, 2023

Modified: Feb 19, 2025

PUBLISHED

Description

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/tothi/pwn-hisilicon-dvr/blob/master/pwn_hisilicon_dvr.py

https://vulncheck.com/advisories/xiongmai-uri-overflow

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-45460

Description

Affected Products

References