CVE-2022-45045

8.8

HIGH CVSS 3.1

Xiongmai NVR Remote Command Execution (RCE) Vulnerability

Description

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

INFO

Published Date :

Dec. 1, 2022, 5:15 a.m.

Last Modified :

April 24, 2025, 8:15 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Affected Products

The following products are affected by CVE-2022-45045 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Xiongmaitech	mbd6304t
2	Xiongmaitech	nbd6808t-pl
3	Xiongmaitech	nbd7004t-p
4	Xiongmaitech	nbd7008t-p
5	Xiongmaitech	nbd7016t-f-v2
6	Xiongmaitech	nbd7024h-p
7	Xiongmaitech	nbd7024t-p
8	Xiongmaitech	nbd7804r-f\(ep\)
9	Xiongmaitech	nbd7804r-f\(hdmi\)
10	Xiongmaitech	nbd7804r-fw
11	Xiongmaitech	nbd7804t-pl
12	Xiongmaitech	nbd7808r-pl\(ep\)
13	Xiongmaitech	nbd7808r-pl\(hdmi\)
14	Xiongmaitech	nbd7808t-pl
15	Xiongmaitech	nbd7904r-fs
16	Xiongmaitech	nbd7904t-p
17	Xiongmaitech	nbd7904t-pl
18	Xiongmaitech	nbd7904t-pl-xpoe
19	Xiongmaitech	nbd7904t-plc-xpoe
20	Xiongmaitech	nbd7904t-q
21	Xiongmaitech	nbd7908t-q
22	Xiongmaitech	nbd8004r-pl\(ep\)
23	Xiongmaitech	nbd8004r-yl\(ep\)
24	Xiongmaitech	nbd8004t-q
25	Xiongmaitech	nbd8008r-pl
26	Xiongmaitech	nbd8008r-pl\(ep\)
27	Xiongmaitech	nbd8008r-yl\(ep\)
28	Xiongmaitech	nbd8008ra-gl
29	Xiongmaitech	nbd8008ra-glk
30	Xiongmaitech	nbd8008ra-ul\(ep\)
31	Xiongmaitech	nbd8008ra-ula
32	Xiongmaitech	nbd8008ra-ulk
33	Xiongmaitech	nbd8008t-q
34	Xiongmaitech	nbd8009s-ula-v2
35	Xiongmaitech	nbd8010s-kl-v2
36	Xiongmaitech	nbd8016r-ul
37	Xiongmaitech	nbd8016ra-k\(ep\)
38	Xiongmaitech	nbd8016ra-ul
39	Xiongmaitech	nbd8016ra-ul\(ep\)
40	Xiongmaitech	nbd8016ra-ula
41	Xiongmaitech	nbd8016ra-ulk
42	Xiongmaitech	nbd8016s-kl-v2
43	Xiongmaitech	nbd8016s-ula-v2
44	Xiongmaitech	nbd8016t-q-v2
45	Xiongmaitech	nbd8025r-ul
46	Xiongmaitech	nbd8032h4-p
47	Xiongmaitech	nbd8032h4-q
48	Xiongmaitech	nbd8032h4-qe
49	Xiongmaitech	nbd8032h4-ul
50	Xiongmaitech	nbd8032h8-p
51	Xiongmaitech	nbd8032h8-qe
52	Xiongmaitech	nbd8032ra-ul-v2
53	Xiongmaitech	nbd8064h8-p
54	Xiongmaitech	nbd80n16ra-kl
55	Xiongmaitech	nbd80n16ra-kl\(ep\)
56	Xiongmaitech	nbd80s08s-kl\(ep\)
57	Xiongmaitech	nbd80s10s-kl
58	Xiongmaitech	nbd80s16s-kl
59	Xiongmaitech	nbd80s16s-kl\(ep\)
60	Xiongmaitech	nbd80x09ra-kl
61	Xiongmaitech	nbd80x09s-kl
62	Xiongmaitech	nbd88x09s-kl
63	Xiongmaitech	nbd8904r-pl
64	Xiongmaitech	nbd8904r-yl
65	Xiongmaitech	nbd8904t-gsc-xpoe
66	Xiongmaitech	nbd8904t-q
67	Xiongmaitech	nbd8908r-pl
68	Xiongmaitech	nbd8908r-yl
69	Xiongmaitech	nbd8908t-pl-xpoe
70	Xiongmaitech	nbd8908t-plc-xpoe
71	Xiongmaitech	nbd8916f4-q
72	Xiongmaitech	nbd8916f8-q
73	Xiongmaitech	mbd6304t_firmware
74	Xiongmaitech	nbd6808t-pl_firmware
75	Xiongmaitech	nbd7004t-p_firmware
76	Xiongmaitech	nbd7008t-p_firmware
77	Xiongmaitech	nbd7016t-f-v2_firmware
78	Xiongmaitech	nbd7024h-p_firmware
79	Xiongmaitech	nbd7024t-p_firmware
80	Xiongmaitech	nbd7804r-f\(ep\)_firmware
81	Xiongmaitech	nbd7804r-f\(hdmi\)_firmware
82	Xiongmaitech	nbd7804r-fw_firmware
83	Xiongmaitech	nbd7804t-pl_firmware
84	Xiongmaitech	nbd7808r-pl\(ep\)_firmware
85	Xiongmaitech	nbd7808r-pl\(hdmi\)_firmware
86	Xiongmaitech	nbd7808t-pl_firmware
87	Xiongmaitech	nbd7904r-fs_firmware
88	Xiongmaitech	nbd7904t-p_firmware
89	Xiongmaitech	nbd7904t-pl_firmware
90	Xiongmaitech	nbd7904t-pl-xpoe_firmware
91	Xiongmaitech	nbd7904t-plc-xpoe_firmware
92	Xiongmaitech	nbd7904t-q_firmware
93	Xiongmaitech	nbd7908t-q_firmware
94	Xiongmaitech	nbd8004r-pl\(ep\)_firmware
95	Xiongmaitech	nbd8004r-yl\(ep\)_firmware
96	Xiongmaitech	nbd8004t-q_firmware
97	Xiongmaitech	nbd8008r-pl_firmware
98	Xiongmaitech	nbd8008r-pl\(ep\)_firmware
99	Xiongmaitech	nbd8008r-yl\(ep\)_firmware
100	Xiongmaitech	nbd8008ra-gl_firmware
101	Xiongmaitech	nbd8008ra-glk_firmware
102	Xiongmaitech	nbd8008ra-ul\(ep\)_firmware
103	Xiongmaitech	nbd8008ra-ula_firmware
104	Xiongmaitech	nbd8008ra-ulk_firmware
105	Xiongmaitech	nbd8008t-q_firmware
106	Xiongmaitech	nbd8009s-ula-v2_firmware
107	Xiongmaitech	nbd8010s-kl-v2_firmware
108	Xiongmaitech	nbd8016r-ul_firmware
109	Xiongmaitech	nbd8016ra-k\(ep\)_firmware
110	Xiongmaitech	nbd8016ra-ul_firmware
111	Xiongmaitech	nbd8016ra-ul\(ep\)_firmware
112	Xiongmaitech	nbd8016ra-ula_firmware
113	Xiongmaitech	nbd8016ra-ulk_firmware
114	Xiongmaitech	nbd8016s-kl-v2_firmware
115	Xiongmaitech	nbd8016s-ula-v2_firmware
116	Xiongmaitech	nbd8016t-q-v2_firmware
117	Xiongmaitech	nbd8025r-ul_firmware
118	Xiongmaitech	nbd8032h4-p_firmware
119	Xiongmaitech	nbd8032h4-q_firmware
120	Xiongmaitech	nbd8032h4-qe_firmware
121	Xiongmaitech	nbd8032h4-ul_firmware
122	Xiongmaitech	nbd8032h8-p_firmware
123	Xiongmaitech	nbd8032h8-qe_firmware
124	Xiongmaitech	nbd8032ra-ul-v2_firmware
125	Xiongmaitech	nbd8064h8-p_firmware
126	Xiongmaitech	nbd80n16ra-kl_firmware
127	Xiongmaitech	nbd80n16ra-kl\(ep\)_firmware
128	Xiongmaitech	nbd80s08s-kl\(ep\)_firmware
129	Xiongmaitech	nbd80s10s-kl_firmware
130	Xiongmaitech	nbd80s16s-kl_firmware
131	Xiongmaitech	nbd80s16s-kl\(ep\)_firmware
132	Xiongmaitech	nbd80x09ra-kl_firmware
133	Xiongmaitech	nbd80x09s-kl_firmware
134	Xiongmaitech	nbd88x09s-kl_firmware
135	Xiongmaitech	nbd8904r-pl_firmware
136	Xiongmaitech	nbd8904r-yl_firmware
137	Xiongmaitech	nbd8904t-gsc-xpoe_firmware
138	Xiongmaitech	nbd8904t-q_firmware
139	Xiongmaitech	nbd8908r-pl_firmware
140	Xiongmaitech	nbd8908r-yl_firmware
141	Xiongmaitech	nbd8908t-pl-xpoe_firmware
142	Xiongmaitech	nbd8908t-plc-xpoe_firmware
143	Xiongmaitech	nbd8916f4-q_firmware
144	Xiongmaitech	nbd8916f8-q_firmware

: Total Affected Vendor : 1 | Products : 144

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	HIGH				[email protected]
	CVSS 3.1	HIGH				134c704f-9b21-4f2e-91b3-4a467353bcc0

Public PoC/Exploit Available at Github

CVE-2022-45045 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-45045.

URL	Resource
https://vulncheck.com/blog/xiongmai-iot-exploitation	Exploit Technical Description Third Party Advisory
https://vulncheck.com/blog/xiongmai-iot-exploitation	Exploit Technical Description Third Party Advisory

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-45045 is associated with the following CWEs:

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-45045 weaknesses.

CAPEC-6: Argument Injection Argument Injection CAPEC-15: Command Delimiters Command Delimiters CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-88: OS Command Injection OS Command Injection CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

rojasjo/TelnetHoneypot.Net

This is a simple telnet honeypot written in C# that can be used to monitor and log telnet connection attempts.

Updated: 2 years, 4 months ago

0 stars 0 fork 0 watcher

Born at : March 25, 2023, 8:36 a.m. This repo has been linked 5 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-45045 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-45045 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Apr. 24, 2025

Action	Type	Old Value	New Value
Added	CVSS V3.1		AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE		CWE-78

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://vulncheck.com/blog/xiongmai-iot-exploitation

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

Initial Analysis by [email protected]

Dec. 06, 2022

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://vulncheck.com/blog/xiongmai-iot-exploitation No Types Assigned	https://vulncheck.com/blog/xiongmai-iot-exploitation Exploit, Technical Description, Third Party Advisory
Added	CWE		NIST CWE-78
Added	CPE Configuration		OR cpe:2.3:h:xiongmaitech:mbd6304t:-::::::: cpe:2.3:h:xiongmaitech:nbd6808t-pl:-::::::: cpe:2.3:h:xiongmaitech:nbd7004t-p::::::::* cpe:2.3:h:xiongmaitech:nbd7008t-p::::::::* cpe:2.3:h:xiongmaitech:nbd7016t-f-v2::::::::* cpe:2.3:h:xiongmaitech:nbd7024h-p::::::::* cpe:2.3:h:xiongmaitech:nbd7024t-p::::::::* cpe:2.3:h:xiongmaitech:nbd7804r-f\(ep\)::::::::* cpe:2.3:h:xiongmaitech:nbd7804r-f\(hdmi\)::::::::* cpe:2.3:h:xiongmaitech:nbd7804r-fw::::::::* cpe:2.3:h:xiongmaitech:nbd7804t-pl::::::::* cpe:2.3:h:xiongmaitech:nbd7808r-pl\(ep\)::::::::* cpe:2.3:h:xiongmaitech:nbd7808r-pl\(hdmi\)::::::::* cpe:2.3:h:xiongmaitech:nbd7808t-pl::::::::* cpe:2.3:h:xiongmaitech:nbd7904r-fs::::::::* cpe:2.3:h:xiongmaitech:nbd7904t-p::::::::* cpe:2.3:h:xiongmaitech:nbd7904t-pl::::::::* cpe:2.3:h:xiongmaitech:nbd7904t-pl-xpoe:-::::::: cpe:2.3:h:xiongmaitech:nbd7904t-plc-xpoe:-::::::: cpe:2.3:h:xiongmaitech:nbd7904t-q::::::::* cpe:2.3:h:xiongmaitech:nbd7908t-q::::::::* cpe:2.3:h:xiongmaitech:nbd8004r-pl\(ep\)::::::::* cpe:2.3:h:xiongmaitech:nbd8004r-yl\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd8004t-q::::::::* cpe:2.3:h:xiongmaitech:nbd8008r-pl::::::::* cpe:2.3:h:xiongmaitech:nbd8008r-pl\(ep\)::::::::* cpe:2.3:h:xiongmaitech:nbd8008r-yl\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd8008ra-gl:-::::::: cpe:2.3:h:xiongmaitech:nbd8008ra-glk:-::::::: cpe:2.3:h:xiongmaitech:nbd8008ra-ul\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd8008ra-ula:-::::::: cpe:2.3:h:xiongmaitech:nbd8008ra-ulk:-::::::: cpe:2.3:h:xiongmaitech:nbd8008t-q::::::::* cpe:2.3:h:xiongmaitech:nbd8009s-ula-v2:-::::::: cpe:2.3:h:xiongmaitech:nbd8010s-kl-v2:-::::::: cpe:2.3:h:xiongmaitech:nbd8016r-ul::::::::* cpe:2.3:h:xiongmaitech:nbd8016ra-k\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd8016ra-ul:-::::::: cpe:2.3:h:xiongmaitech:nbd8016ra-ul\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd8016ra-ula:-::::::: cpe:2.3:h:xiongmaitech:nbd8016ra-ulk:-::::::: cpe:2.3:h:xiongmaitech:nbd8016s-kl-v2:-::::::: cpe:2.3:h:xiongmaitech:nbd8016s-ula-v2:-::::::: cpe:2.3:h:xiongmaitech:nbd8016t-q-v2::::::::* cpe:2.3:h:xiongmaitech:nbd8025r-ul::::::::* cpe:2.3:h:xiongmaitech:nbd8032h4-p::::::::* cpe:2.3:h:xiongmaitech:nbd8032h4-q::::::::* cpe:2.3:h:xiongmaitech:nbd8032h4-qe::::::::* cpe:2.3:h:xiongmaitech:nbd8032h4-ul:-::::::: cpe:2.3:h:xiongmaitech:nbd8032h8-p::::::::* cpe:2.3:h:xiongmaitech:nbd8032h8-qe::::::::* cpe:2.3:h:xiongmaitech:nbd8032ra-ul-v2:-::::::: cpe:2.3:h:xiongmaitech:nbd8064h8-p::::::::* cpe:2.3:h:xiongmaitech:nbd80n16ra-kl:-::::::: cpe:2.3:h:xiongmaitech:nbd80n16ra-kl\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd80s08s-kl\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd80s10s-kl:-::::::: cpe:2.3:h:xiongmaitech:nbd80s16s-kl:-::::::: cpe:2.3:h:xiongmaitech:nbd80s16s-kl\(ep\):-::::::: cpe:2.3:h:xiongmaitech:nbd80x09ra-kl:-::::::: cpe:2.3:h:xiongmaitech:nbd80x09s-kl:-::::::: cpe:2.3:h:xiongmaitech:nbd88x09s-kl:-::::::: cpe:2.3:h:xiongmaitech:nbd8904r-pl::::::::* cpe:2.3:h:xiongmaitech:nbd8904r-yl:-::::::: cpe:2.3:h:xiongmaitech:nbd8904t-gsc-xpoe:-::::::: cpe:2.3:h:xiongmaitech:nbd8904t-q::::::::* cpe:2.3:h:xiongmaitech:nbd8908r-pl::::::::* cpe:2.3:h:xiongmaitech:nbd8908r-yl::::::::* cpe:2.3:h:xiongmaitech:nbd8908t-pl-xpoe:-::::::: cpe:2.3:h:xiongmaitech:nbd8908t-plc-xpoe:-::::::: cpe:2.3:h:xiongmaitech:nbd8916f4-q::::::::* cpe:2.3:h:xiongmaitech:nbd8916f8-q::::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:mbd6304t_firmware:4.02.r11.00000117.10001.131900.00000::::::: OR cpe:2.3:h:xiongmaitech:mbd6304t:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd6808t-pl_firmware:4.02.r11.c7431119.12001.130000.00000::::::: OR cpe:2.3:h:xiongmaitech:nbd6808t-pl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7004t-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7004t-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7008t-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7008t-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7016t-f-v2_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7016t-f-v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7024h-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7024h-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7024t-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7024t-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7804r-f\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7804r-f\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7804r-f\(hdmi\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7804r-f\(hdmi\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7804r-fw_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7804r-fw:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7804t-pl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7804t-pl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7808r-pl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7808r-pl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7808r-pl\(hdmi\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7808r-pl\(hdmi\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7808t-pl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7808t-pl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7904r-fs_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7904r-fs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7904t-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7904t-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7904t-pl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7904t-pl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7904t-pl-xpoe_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7904t-pl-xpoe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7904t-plc-xpoe_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7904t-plc-xpoe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7904t-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7904t-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd7908t-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd7908t-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8004r-pl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8004r-pl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8004r-yl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8004r-yl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8004t-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8004t-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008r-pl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008r-pl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008r-pl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008r-pl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008r-yl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008r-yl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008ra-gl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008ra-gl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008ra-glk_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008ra-glk:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008ra-ul\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008ra-ul\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008ra-ula_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008ra-ula:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008ra-ulk_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008ra-ulk:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8008t-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8008t-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8009s-ula-v2_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8009s-ula-v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8010s-kl-v2_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8010s-kl-v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016r-ul_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016r-ul:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016ra-k\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016ra-k\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016ra-ul_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016ra-ul:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016ra-ul\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016ra-ul\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016ra-ula_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016ra-ula:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016ra-ulk_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016ra-ulk:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016s-kl-v2_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016s-kl-v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016s-ula-v2_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016s-ula-v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8016t-q-v2_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8016t-q-v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8025r-ul_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8025r-ul:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8032h4-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8032h4-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8032h4-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8032h4-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8032h4-qe_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8032h4-qe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8032h4-ul_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8032h4-ul:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8032h8-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8032h8-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8032h8-qe_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8032h8-qe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8032ra-ul-v2_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8032ra-ul-v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8064h8-p_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8064h8-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80n16ra-kl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80n16ra-kl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80n16ra-kl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80n16ra-kl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80s08s-kl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80s08s-kl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80s10s-kl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80s10s-kl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80s16s-kl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80s16s-kl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80s16s-kl\(ep\)_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80s16s-kl\(ep\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80x09ra-kl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80x09ra-kl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd80x09s-kl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd80x09s-kl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd88x09s-kl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd88x09s-kl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8904r-pl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8904r-pl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8904r-yl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8904r-yl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8904t-gsc-xpoe_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8904t-gsc-xpoe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8904t-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8904t-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8908r-pl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8908r-pl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8908r-yl_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8908r-yl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8908t-pl-xpoe_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8908t-pl-xpoe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8908t-plc-xpoe_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8908t-plc-xpoe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8916f4-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8916f4-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:xiongmaitech:nbd8916f8-q_firmware:-::::::: OR cpe:2.3:h:xiongmaitech:nbd8916f8-q:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CVE-2022-45045

Xiongmai NVR Remote Command Execution (RCE) Vulnerability

Description

INFO

Dec. 1, 2022, 5:15 a.m.

April 24, 2025, 8:15 p.m.

Yes !

[email protected]

Affected Products

CVSS Scores

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

rojasjo/TelnetHoneypot.Net

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

Initial Analysis by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 8.8

Exploit Prediction

0.19 }} -0.41%

0.37323

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable