CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Xiongmai Technology
Equipment: IP Cameras and DVRs
Vulnerability: Stack-based Buffer Overflow
The following versions of Xiongmai Technology IP cameras and DVRs are affected:
- All IP Cameras and DVRs using the NetSurveillance Web interface.
Successful exploitation of this vulnerability could cause the device to reboot and return to a more vulnerable state in which Telnet is accessible.
Xiongmai Technology has not responded to requests to coordinate with NCCIC/ICS-CERT.
ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
No known public exploits specifically target this vulnerability.
The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.
Independent researcher Clinton Mielke reported this vulnerability to ICS-CERT.
Critical Infrastructure Sector: Unknown
Countries/Areas Deployed: Worldwide
Company Headquarters Location: China
Toll Free: 1-888-282-0870