CVE-2022-45045

Severity: HIGH | Exploited in the wild

Xiongmaitech Mbd6304t - OS Command Injection

Title source: rule

Exploitation Summary

CVE-2022-45045 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

References (1)

Core References
Exploit, Technical Description, Third Party Advisory
https://vulncheck.com/blog/xiongmai-iot-exploitation

Scores

CVSS v3 8.8
EPSS 0.0124
EPSS Percentile 65.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2019-02-20
InTheWild.io 2022-12-01
CWE
CWE-78
Status published
Products (50)
xiongmaitech/mbd6304t
xiongmaitech/mbd6304t_firmware 4.02.r11.00000117.10001.131900.00000
xiongmaitech/nbd6808t-pl
xiongmaitech/nbd6808t-pl_firmware 4.02.r11.c7431119.12001.130000.00000
xiongmaitech/nbd7004t-p
xiongmaitech/nbd7004t-p_firmware
xiongmaitech/nbd7008t-p
xiongmaitech/nbd7008t-p_firmware
xiongmaitech/nbd7016t-f-v2
xiongmaitech/nbd7016t-f-v2_firmware
... and 40 more
Published Dec 01, 2022
Tracked Since Feb 18, 2026