Dvr/Nvr Devices
Approved changes feed: RSS · Atom
cpe:2.3:a:xiongmai:dvr/nvr_devices:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Xiongmai (1aa055a8-5231-57b8-a92e-6f6f192c495f) |
|---|---|
| Product | Dvr/Nvr Devices (176a6b34-04a7-5d65-a30a-2cc31fe17037) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-34005 |
vulnerable | 2026-06-08 07:59:11.688452 |
Details available
HIGH (8.8)
In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.
Published: 2026-03-29T17:02:15.445Z
Updated: 2026-03-30T14:19:23.210Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.