CVE-2022-34496

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files to the Hiby R3 PRO device via its web server interface. This affects all Hiby R3 PRO devices running firmware versions 1.5 through 1.7. Successful exploitation could lead to remote code execution or device compromise.

💻 Affected Systems

Products:
  • Hiby R3 PRO
Versions: v1.5 to v1.7
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The web server is enabled by default on affected firmware versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover with persistent backdoor installation, data theft, and potential lateral movement in connected networks.

🟠

Likely Case

Remote code execution leading to device compromise, file system manipulation, and unauthorized access to stored media files.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates file upload without authentication. The vulnerability is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.8 or later

Vendor Advisory: https://github.com/vext01/hiby-issues/issues/52

Restart Required: Yes

Instructions:

1. Download the latest firmware (v1.8 or later) from the Hiby official website.
2. Connect the device to a computer via USB.
3. Copy the firmware file to the root directory of the device's storage.
4. Disconnect the device and restart it.
5. The device detects the firmware file and updates automatically.

🔧 Temporary Workarounds

Disable Web Server

Applies to: all affected versions

Turn off the web server functionality to prevent remote exploitation.

Navigate to Settings > Network > Web Server > Turn OFF

Network Segmentation

Applies to: all affected versions

Isolate Hiby R3 PRO devices on a separate VLAN or network segment so that only trusted hosts can reach the web server.

🧯 If You Can't Patch

  • Disconnect device from networks and use only via USB/local connections
  • Implement strict firewall rules blocking all inbound connections to the device
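The segmentation and firewall workarounds above, written out as an nftables ruleset for a Linux gateway. This is an added illustration, not guidance from the Hiby advisory or the vendor. It assumes the player sits on its own VLAN (192.168.50.0/24, device at 192.168.50.20) that is routed through this gateway, and that a single admin workstation (192.168.1.10) is allowed to use the Wi-Fi file transfer feature; all of those addresses are placeholders to be replaced with your own.

```nft
#!/usr/sbin/nft -f
# Added example, not from the Hiby advisory. Addresses are placeholders:
#   192.168.50.20   the R3 PRO, alone on VLAN 192.168.50.0/24
#   192.168.1.10    the one workstation allowed to reach its web server
# The forward hook only sees routed traffic, so this protects the player
# only if it is on a separate segment from the rest of the LAN.
table inet hiby_guard {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Replies to connections the player itself opened (NTP, streaming, ...)
        ct state established,related accept

        # The single trusted client may reach the player
        ip saddr 192.168.1.10 ip daddr 192.168.50.20 accept

        # Everything else addressed to the player is logged and dropped
        ip daddr 192.168.50.20 log prefix "hiby-blocked: " drop
    }
}
```

Load it with `nft -f` on the gateway; the `hiby-blocked:` log prefix gives you a ready-made indicator to forward to your SIEM for the Detection & Monitoring section below.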

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in Settings > System > About. If the version is between 1.5 and 1.7 inclusive, the device is vulnerable. Compare versions numerically, not as strings: a hypothetical 1.10 is newer than 1.8, not older.

Check Version:

Check via device interface: Settings > System > About

Verify Fix Applied:

Verify firmware version shows 1.8 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activity
  • Web server access from unexpected IPs
  • POST requests to upload endpoints

Network Indicators:

  • HTTP POST requests to /upload or similar endpoints
  • Unusual outbound connections from device

SIEM Query (the `hiby_web_logs` source name is a placeholder; the player itself does not export logs, so point this at whatever proxy, IDS or gateway firewall records HTTP traffic to the device):

source="hiby_web_logs" AND (method="POST" AND uri="*upload*")
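The two checks above, the firmware version test from "How to Verify" and the POST-to-upload-endpoint detection from this section, as a single added Python example. This is not code from the page or from Hiby. It assumes HTTP traffic to the player is captured by a reverse proxy or IDS in Common Log Format; the log lines embedded below are constructed, and the `/upload` and `/api/upload` paths in them are illustrative, not confirmed endpoints of the device.

```python
import ipaddress
import re
from dataclasses import dataclass

# --- Firmware version check (CVE-2022-34496, Hiby R3 PRO) ---
# Affected range per the advisory: 1.5 <= version <= 1.7; fixed in 1.8.
AFFECTED_MIN = (1, 5)
AFFECTED_MAX = (1, 7)


def parse_version(text):
    """Turn 'v1.7', '1.7' or 'V1.10' into a tuple of ints.

    Comparing tuples avoids the classic mistake of string comparison,
    where '1.10' sorts below '1.8'.
    """
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    while len(parts) < 2:          # '1' compares as (1, 0)
        parts += (0,)
    return parts


def is_vulnerable(version_text):
    """True only for versions inside the published affected range.

    A build such as 1.7.1 is not in the advisory; it compares greater
    than (1, 7) and is reported as outside the range, so treat unlisted
    builds with care rather than as confirmed fixed.
    """
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


# --- Detection over proxy / IDS access logs (Common Log Format) ---
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass
class Alert:
    src: str
    ts: str
    path: str
    status: int
    severity: str   # "high" from an untrusted source, "medium" otherwise


def find_upload_attempts(lines, allowed_sources):
    """Flag POST requests to upload-style paths.

    allowed_sources: CIDR strings for hosts expected to use the file
    transfer feature; anything else is ranked high.
    """
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                 # skip unparsable lines instead of crashing
        if m["method"] != "POST" or "upload" not in m["path"].lower():
            continue
        src = ipaddress.ip_address(m["src"])
        trusted = any(src in net for net in allowed)
        alerts.append(Alert(str(src), m["ts"], m["path"],
                            int(m["status"]), "medium" if trusted else "high"))
    return alerts


# Constructed sample log; the paths are illustrative, not known device endpoints.
SAMPLE_LOG = """\
192.168.1.10 - - [10/Jul/2022:14:01:03 +0000] "GET / HTTP/1.1" 200 1320
192.168.1.10 - - [10/Jul/2022:14:01:09 +0000] "POST /upload HTTP/1.1" 200 12
203.0.113.7 - - [10/Jul/2022:14:02:44 +0000] "POST /api/upload HTTP/1.1" 200 12
203.0.113.7 - - [10/Jul/2022:14:02:45 +0000] "GET /music/ HTTP/1.1" 200 855
this line is not in CLF and must be skipped
""".splitlines()


if __name__ == "__main__":
    for v in ("v1.4", "v1.5", "1.7", "1.8", "1.10"):
        print(f"firmware {v:>5}: {'VULNERABLE' if is_vulnerable(v) else 'not in affected range'}")
    for a in find_upload_attempts(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(f"[{a.severity}] {a.ts} {a.src} POST {a.path} -> {a.status}")
```

The version parser is the part most worth keeping: the same lexicographic trap bites any fleet inventory script that compares firmware strings, and it will misreport a future 1.10 as older than the fixed 1.8.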

🔗 References
