Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-45460 PoC — Xiongmai NVR devices 缓冲区错误漏洞

Source
https://github.com/born0monday/CVE-2022-45460
Associated Vulnerability
Title:Xiongmai NVR devices 缓冲区错误漏洞 (CVE-2022-45460)
Description:Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.
Description
Proof of Concept for CVE-2022-45460
Readme
# Proof of Concept for CVE-2022-45460

Detailed write-up is available [here](https://modzero.com/en/blog/roping-our-way-to-rce/).
File Snapshot

 [4.0K]  /data/pocs/fb1128bb3d011b45cf1d5c528b565b3b4731054f
├── [3.4K]  exploit-pwntools.py
├── [4.7K]  exploit.py
├── [2.5K]  exploit-simple.py
└── [ 132]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →