PT-2022-11421 · Xiongmai · Xiaongmai Ahb7804R-Els+4
Published
2022-06-30
·
Updated
2023-08-08
·
CVE-2021-41506
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Xiaongmai AHB7008T-MH-V2
Xiaongmai AHB7804R-ELS
Xiaongmai AHB7804R-MH-V2
Xiaongmai AHB7808R-MS-V2
Xiaongmai AHB7808R-MS
Xiaongmai AHB7808T-MS-V2
Xiaongmai AHB7804R-LMS
HI3518 50H10L S39 version V4.02.R11.7601.Nat.Onvif.20170420
HI3518 50H10L S39 version V4.02.R11.Nat.Onvif.20160422
HI3518 50H10L S39 version V4.02.R11.7601.Nat.Onvif.20170424
HI3518 50H10L S39 version V4.02.R11.Nat.Onvif.20170327
HI3518 50H10L S39 version V4.02.R11.Nat.Onvif.20161205
HI3518 50H10L S39 version V4.02.R11.Nat.20170301
HI3518 50H10L S39 version V4.02.R12.Nat.OnvifS.20170727
Description
The issue is related to a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xiaongmai Ahb7008T-Mh-V2
Xiaongmai Ahb7804R-Els
Xiaongmai Ahb7804R-Mh-V2
Xiaongmai Ahb7808R-Ms
Xiaongmai Ahb7808R-Ms-V2