CVE-2023-39068

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in XiongMai NVR firmware allows remote attackers to cause denial of service via crafted requests to the XM component. This affects users of specific NBD80S09S-KLC and NBD80N32RA-KL-V3 network video recorders running vulnerable firmware versions.

💻 Affected Systems

Products:
  • NBD80S09S-KLC
  • NBD80N32RA-KL-V3
Versions: NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific firmware builds with XM component enabled

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation
🟠 Likely Case: Service crash causing denial of service, disrupting video surveillance functionality
🟢 If Mitigated: Limited to service disruption if exploit fails to achieve code execution

🌐 Internet-Facing: HIGH - Network video recorders are often exposed to internet for remote access
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or lateral movement

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Crafted request to XM service component triggers buffer overflow

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for updated firmware

Vendor Advisory: https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3

Restart Required: Yes

Instructions:

1. Download latest firmware from XiongMai website
2. Backup configuration
3. Upload firmware via web interface
4. Reboot device

🔧 Temporary Workarounds

Network segmentation (all platforms)

Isolate NVR devices from internet and untrusted networks

Firewall restrictions (Linux)

Block access to XM service ports from untrusted sources

iptables -A INPUT -p tcp --dport [XM_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [XM_PORT] -j DROP

🧯 If You Can't Patch

  • Disable remote access to XM service component if possible
  • Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface: System > Information > Version

Check Version:

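Check via the web interface or, if SSH is available: cat /proc/version. Note that /proc/version reports the Linux kernel build, so use the firmware version shown in the web interface when comparing against the affected builds.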

Verify Fix Applied:

Verify firmware version matches patched release from vendor advisory
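
The version check above can be run across a fleet. The following is an added example, not code from the vendor or from this page's source: it compares recorded firmware image names with the two affected builds listed under Affected Systems. The field layout in the regular expression, the status labels, and the inventory hostnames are assumptions made for illustration.

```python
import re

# Affected firmware images, copied from the "Versions" line of this page.
AFFECTED = {
    "YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin",
    "YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin",
}

# Assumed name layout: <prefix>_<model>_V<version>.<features>.<YYYYMMDD>[.bin]
NAME_RE = re.compile(
    r"^(?P<prefix>[A-Z]+_[A-Z]+)_(?P<model>[A-Za-z0-9-]+)_"
    r"(?P<version>V\d+\.\d+\.R\d+\.\d+)\.(?P<features>.+)\.(?P<date>\d{8})(?:\.bin)?$"
)

def parse(name):
    """Split a firmware image name into fields, or return None if it does not fit."""
    m = NAME_RE.match(name.strip())
    return m.groupdict() if m else None

AFFECTED_MODELS = {parse(n)["model"] for n in AFFECTED}

def classify(name):
    """AFFECTED: listed build. REVIEW: listed model, other build. Else NOT_LISTED/UNPARSED."""
    name = name.strip()
    if (name if name.endswith(".bin") else name + ".bin") in AFFECTED:
        return "AFFECTED"
    fields = parse(name)
    if fields is None:
        return "UNPARSED"  # cannot be ruled out; check the device by hand
    # Same hardware model but a build this page does not list: the page names no
    # fixed version, so the build must be compared with the vendor advisory.
    return "REVIEW" if fields["model"] in AFFECTED_MODELS else "NOT_LISTED"

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(fw) for host, fw in inventory.items()}

# Constructed inventory (hostnames and the last three firmware strings are made up).
INVENTORY = {
    "nvr-lobby": "YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin",
    "nvr-dock": "YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120",
    "nvr-lab": "YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20991231.bin",
    "nvr-gate": "EXAMPLE_VENDOR_MODEL-X_V1.00.R00.0000.Test.20990101.bin",
    "nvr-attic": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10} {status}")
```

A REVIEW result means only that the build differs from the listed ones; it does not indicate that the build is patched.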

📡 Detection & Monitoring

Log Indicators:

  • XM service crashes
  • Abnormal request patterns to XM component
  • Memory allocation errors

Network Indicators:

  • Unusual traffic to XM service port
  • Malformed packets targeting NVR

SIEM Query:

source="nvr_logs" AND ("XM crash" OR "buffer overflow" OR "segmentation fault")
