PT-2026-28591 · Xiongmai · Xiongmai Dvr/Nvr Devices 4.03.R11+2

Uky

Publicado

2026-03-29

Atualizado

2026-03-30

CVE-2026-34005

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xiongmai DVR/NVR devices versions 4.03.R11 Xiongmai AHB7008T-MH-V2 Xiongmai NBD7024H-P

Description A root OS command injection can occur through the use of shell metacharacters in the HostName value. This occurs via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler. The system() function is used, which allows for the execution of arbitrary commands.

Recommendations For Xiongmai DVR/NVR devices version 4.03.R11, avoid using shell metacharacters in the HostName value. For Xiongmai AHB7008T-MH-V2, avoid using shell metacharacters in the HostName value. For Xiongmai NBD7024H-P, avoid using shell metacharacters in the HostName value.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2026-34005

Produtos afetados

Xiaongmai Ahb7008T-Mh-V2

Xiongmai Dvr/Nvr Devices 4.03.R11

Xiongmai Nbd7024H-P

PT-2026-28591 · Xiongmai · Xiongmai Dvr/Nvr Devices 4.03.R11+2

CVE-2026-34005

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9