CVE-2021-41506

CRITICAL EXPLOITED

Xiongmai DVR/NVR/IP Camera Firmware - Backdoor via Static Root Credentials

Title source: llm

Exploitation Summary

CVE-2021-41506 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

https://habr.com/en/post/486856/

Vendor Advisory x_refsource_misc

https://www.xiongmaitech.com/en/index.php/news/info/12/68

Third Party Advisory x_refsource_misc

https://github.com/Snawoot/hisilicon-dvr-telnet

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/tothi/hs-dvr-telnet

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0175

EPSS Percentile 75.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2019-07-31

CWE

CWE-287

Status published

Products (8)

xiongmaitech/ahb7008t-mh-v2_firmware 4.02.r11.7601.nat.onvif.20170420

xiongmaitech/ahb7804r-els_firmware 4.02.r11.nat.onvif.20160422

xiongmaitech/ahb7804r-lms_firmware 4.02.r11.nat.20170301

xiongmaitech/ahb7804r-mh-v2_firmware 4.02.r11.7601.nat.onvif.20170424

xiongmaitech/ahb7808r-ms-v2_firmware 4.02.r11.nat.onvif.20170327

xiongmaitech/ahb7808r-ms_firmware 4.02.r11.nat.onvif.20160328

xiongmaitech/ahb7808t-ms-v2_firmware 4.02.r11.nat.onvifc.20161205

xiongmaitech/hi3518e_50h10l_s39_firmware 4.02.r12.nat.onvifs.20170727

Published Jun 30, 2022

Tracked Since Feb 18, 2026