CVE-2021-41506

Description

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.

Related CPE's

oxiongmaitechahb7008t-mh-v2_firmware4.02.r11.7601.nat.onvif.20170420*******

hxiongmaitechahb7008t-mh-v2-*******

oxiongmaitechahb7804r-els_firmware4.02.r11.nat.onvif.20160422*******

hxiongmaitechahb7804r-els-*******

oxiongmaitechahb7804r-mh-v2_firmware4.02.r11.7601.nat.onvif.20170424*******

hxiongmaitechahb7804r-mh-v2-*******

oxiongmaitechahb7808r-ms-v2_firmware4.02.r11.nat.onvif.20170327*******

hxiongmaitechahb7808r-ms-v2-*******

oxiongmaitechahb7808r-ms_firmware4.02.r11.nat.onvif.20160328*******

hxiongmaitechahb7808r-ms-*******

References

https://github.com/Snawoot/hisilicon-dvr-telnet

Third Party Advisory

https://github.com/tothi/hs-dvr-telnet

Third Party Advisory

https://habr.com/en/post/486856/

ExploitThird Party Advisory

https://www.xiongmaitech.com/en/index.php/news/info/12/68

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

10

VectorString

AV:N/AC:L/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io