Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Xiongmai DVR/NVR 操作系统命令注入漏洞
Vulnerability Description
Xiongmai DVR/NVR是中国雄迈(Xiongmai)公司的一款运行于视频监控设备上的嵌入式系统与控制平台。 Xiongmai DVR/NVR 4.03.R11版本存在操作系统命令注入漏洞,该漏洞源于HostName值中的shell元字符,可能导致经过身份验证的root OS命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A