VYPR
Vendor: Xiongmaitech

Products: 119
CVEs: 18
Across products: 43
Status: Private


Recent CVEs (18)
  • CVE-2018-10088 | Critical | Jun 8, 2018
    risk 0.70 | cvss 9.8 | epss 0.40

    Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.

  • CVE-2017-7577 | Critical | Apr 7, 2017
    risk 0.66 | cvss 9.8 | epss 0.29

    XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.

  • CVE-2024-3765 | Critical | Apr 14, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation…

  • CVE-2017-16725 | Critical | Dec 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.09

    A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device.…

  • CVE-2026-34005 | High | Mar 29, 2026
    risk 0.57 | cvss 8.8 | epss 0.02

    In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because…

  • CVE-2026-0854 | High | Jan 12, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

  • CVE-2025-65857 | High | Dec 22, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

  • CVE-2021-41419 | Jul 17, 2022
    risk 0.06 | cvss | epss 0.07

    QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.

  • CVE-2022-45460 | Mar 28, 2023
    risk 0.04 | cvss | epss 0.06

    Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system…

  • CVE-2025-65856 | Dec 22, 2025
    risk 0.00 | cvss | epss 0.01

    Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce…

  • CVE-2023-28811 | Nov 23, 2023
    risk 0.00 | cvss | epss 0.00

    There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

  • CVE-2022-45045 | Dec 1, 2022
    risk 0.00 | cvss | epss 0.01

    Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and…

  • CVE-2021-38827 | Nov 14, 2022
    risk 0.00 | cvss | epss 0.01

    Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.

  • CVE-2021-38828 | Nov 14, 2022
    risk 0.00 | cvss | epss 0.00

    Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing.

  • CVE-2021-44954 | Jul 17, 2022
    risk 0.00 | cvss | epss 0.00

    In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration.

  • CVE-2021-41506 | Jun 30, 2022
    risk 0.00 | cvss | epss 0.02

    Xiongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327,…

  • CVE-2020-22253 | Apr 6, 2022
    risk 0.00 | cvss | epss 0.01

    Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections…

  • CVE-2022-26259 | Mar 28, 2022
    risk 0.00 | cvss | epss 0.02

    A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.