← Voltar para CVEs
CVE-2026-34005
HIGH8.8
Descricao
In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado3/29/2026
Ultima modificacao3/30/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-78
Referencias
https://uky007.github.io/CVE-2026-34005/(cve@mitre.org)
https://www.xiongmaitech.com(cve@mitre.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.