CVE-2022-45460

9.8 CRITICAL

📋 TL;DR

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected Xiongmai NVR devices by sending a specially crafted HTTP request with a long URI. Attackers can exploit a stack-based buffer overflow to crash the web server, reboot the system, and gain full control. Organizations using Xiongmai NVR models MBD6304T and NBD6808T-PL with specific firmware versions are affected.

💻 Affected Systems

Products:
  • Xiongmai MBD6304T
  • Xiongmai NBD6808T-PL
Versions: V4.02.R11.00000117.10001.131900.00000 and V4.02.R11.C7431119.12001.130000.00000 (likely affects other versions with similar codebase)
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with web interface enabled are vulnerable. This vulnerability is distinct from but may overlap with CVE-2017-16725.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code, install persistent malware, access video feeds, pivot to internal networks, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to system compromise, data exfiltration, and potential ransomware deployment on vulnerable NVR systems.

🟢 If Mitigated

Denial of service through system reboot if exploit fails to achieve code execution, but system remains vulnerable to subsequent attacks.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-exposed devices immediate targets.
🏢 Internal Only: HIGH - Even internally, any attacker with network access can exploit this without credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: Yes

Instructions:

1. Contact Xiongmai support for firmware updates.
2. If updates are available, download from official sources.
3. Backup configuration.
4. Apply firmware update via web interface.
5. Reboot device.
6. Verify update applied successfully.

🔧 Temporary Workarounds

Network Segmentation

linux

Isolate NVR devices from internet and restrict internal network access

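# Drop inbound TCP to port 80 (HTTP) from any source on the host where the rule is installed
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j DROP
# Same for port 443 (HTTPS)
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 443 -j DROP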

Web Interface Disable

linux

Disable web interface if not required for operations

# Stop the running web server
service httpd stop
# Keep it from starting again at boot
chkconfig httpd off

🧯 If You Can't Patch

  • Implement strict network access controls allowing only trusted IP addresses to access NVR management interface
  • Deploy web application firewall (WAF) with buffer overflow protection rules in front of NVR devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at System > Information > Version. If version matches affected range, device is vulnerable.

Check Version:

curl -s http://[NVR_IP]/cgi-bin/version.cgi | grep Firmware

Verify Fix Applied:

Verify firmware version has been updated to a version not in the affected range. Test with controlled exploit attempt from isolated test system.

📡 Detection & Monitoring

Log Indicators:

  • Web server crash logs
  • System reboot events
  • HTTP requests with unusually long URIs (>1000 characters)
  • Multiple failed web service restarts

Network Indicators:

  • HTTP GET requests with extremely long URI paths
  • Traffic patterns showing buffer overflow attempts
  • Unusual outbound connections from NVR devices

SIEM Query:

source="*nvr*" AND (uri_length>1000 OR "sprintf" IN message OR "buffer overflow" IN message OR "segmentation fault" IN message)
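
One way to hunt for the long-URI indicator listed above, as an added example (not part of the original advisory or any vendor tooling). It assumes access logs in Combined Log Format from a reverse proxy or gateway in front of the NVR; the function names and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

URI_LIMIT = 1000  # threshold taken from the log indicator above

# Combined Log Format as written by a proxy in front of the NVR (assumption).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>.*)" (?P<status>\d{3}|-) \S+'
)

def long_uri_hits(lines, limit=URI_LIMIT):
    """Return {source_ip: [(timestamp, uri_length, status), ...]} for oversized URIs."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log record
        parts = m.group("request").split(" ")
        # A well-formed request line is "METHOD URI HTTP/x.y". An oversized or
        # truncated one may lack the version token, so measure whatever follows
        # the method instead of discarding the record.
        uri = parts[1] if len(parts) >= 2 else parts[0]
        if len(uri) > limit:
            hits[m.group("src")].append((m.group("ts"), len(uri), m.group("status")))
    return dict(hits)

def sample_log():
    """Constructed sample records (documentation addresses, not real traffic)."""
    normal = '192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /login.htm HTTP/1.1" 200 512'
    # No status recorded: the backend went away before answering.
    oversized = '198.51.100.7 - - [01/Jan/2023:10:00:05 +0000] "GET /' + "A" * 1500 + ' HTTP/1.1" - 0'
    # Request line cut short by the logger, HTTP version token missing.
    truncated = '198.51.100.7 - - [01/Jan/2023:10:00:09 +0000] "GET /' + "B" * 2000 + '" 400 0'
    # Exactly 1000 characters: at the threshold, not above it.
    boundary = '192.0.2.10 - - [01/Jan/2023:10:01:00 +0000] "GET /' + "c" * 999 + ' HTTP/1.1" 404 0'
    return [normal, oversized, truncated, boundary, "garbage line"]

if __name__ == "__main__":
    for src, events in long_uri_hits(sample_log()).items():
        for ts, length, status in events:
            print(f"{src} {ts} uri_length={length} status={status}")
```

Correlating the flagged timestamps with the web server crash and reboot events listed under Log Indicators helps separate scanning noise from requests that actually reached the device.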
