Unfixed Critical Vulnerability In Millions of XiongMai Devices Disclosed

By: Sean Patton, Published on Oct 10, 2018

XiongMai, one of the biggest OEMs alongside Dahua and Hikvision, has suffered a critical vulnerability impacting millions of their devices.

This comes after XiongMai received universal criticism for the lack of security resulting in the Mirai botnet.

*******, ****** ***** *** Hikvision, *** ********** ******* issue * ******** *** for ********* ***************, ******** has *** **** * months ***** ******, ******* increasing *** ****.

****** **** ****, ** review EU-based *** ********** ********** **** ******** *************, *** ** ** so *********** *** *** this ******* * ****** track ****** *** ********.

Default ********* *** ****** ******** ***** ******** *************

*** ********* ********************* * **.* ******** score ******* *** ******* *** result ** ************* ****** to *** ********** ******* through ******* ************* ***********, and ********** ************ "*******" user *******. **** ***** that **** ******* ******* the ******* ************* ********, the ****** *** ***** be ******** ******** ***** the "*******" *******.

*** ******* ** *********** vulnerable ******* ** ***** and *** ******* ****** unsigned ********. *** ****** that ** ******** *** push ********* ******** ******* through *** ***** ***** interface. 

************, *** ******:

********* *** **********************() ***** ***** *** ******* causes *** ****** ** fetch *** ******* *** malicious ********.

**** ********* ****** ** attacker ** ******* ******* onto *** *******’ ***** memory. ****** ** *** Mirai ****, ** cannot ** ******* *** **** ** ********* *** ******.

*** ********* *** ************* (***-****-*****), **** ******* *********** and ********** ****** ***** ** concept ******* **** ** GitHub, ******* ********** *** chances ** ** ********.

Who ** ********

********* ** ***'* **********, this ************* ******* ******** of *******, ******* ********'* XMEye ***** *******. ***** Cloud ****** ***** ******* to ****** **** **** NVRs, ******* ** ************ to *****'* *** ***** and *********'* ***-******* ***** services.

*** ********** **** *** vendors ********, ******* ***** label *********.

* ***** **** *** of **** ** *** vendors ********:

Minimum ****** ** ******* ********** ******

***** ********* *** *** commonly **** ** ******* commercial *************, *** **** directly ****** *** ****** of *** ****** *********. However, *** ********** ****** could ** **** ******* within ***** *******.

Botnet ****

**** *****, ** **** with *****, ***** ********** devices *** ***** ****** disruption ** *** **** specific ******* ********* ************* *******.

*** ****** **** ***** devices **** ** *********** and **** ****** ******* is **** ****, ***** the ****** ** ******* and *** *********** ** an ****** ***** *** the ************* ***** ********* on *** ******** ** them.

Extends *** ***** ******

******** *** * ******** track ****** ** ************* issues. ********'* ******** ** publications **** ******** ** the ***** *** *** to ********** ***** ******. **** ****** *****, a ******* ******** ** XiongMai ************* *** * **** email **** ******** ****** passwords *** ******** *******.

****, *** ***** **** 2 ********** ********** ******** vulnerabilities **** **** ****** unpatched ** ***** ****** firmware.

Not ****** ** ** **********

***** *** ********* ****** by **** *** ********** to ** ********** *****, proponents ** ******* ************* banned **** ****** *** this ** ******** **** there *** ************* **** a ***** ***** ****** than *****, *** ***** of *** ********** ** the ***.

 

Comments (14)

* ******* ********* *** cornered *** ******** ****** market, ***** ***.

** ************* *****. ****** feature *** *****. -*****

***** *** **** **.

“Not ****** ** ** **********

***** *** ********* ****** by **** *** ********** to ** ********** *****, proponents ** ******* ************* banned **** ****** *** this ** ******** **** there *** ************* **** a ***** ***** ****** than *****, *** ***** of *** ********** ** the ***.”

———————————————————————————————————-

** ******* ** *** last ********* ** *** article, ******* **** ** evidence ** ******* * larger **** ************ *** on ***** ****** **** a *** ** ****** support *** ********* **** were ******** ******** ******? 

* ***** "******** ** devices" ***** ******* *** the ********** **** *** well ******* *** *** due **, *** * quote "***** ********" 

** = **** ****** for ** ******** *****, According ** ********

** = **** ****** for ** ******** *****, According ** ********

* **** ****** ** ** ********* **** ** ***. XM ** ****** ***** the ***** ******* **** have ** **** **** to ** ******** *****. Hikvision *** ***** ** because **** **** ***** local ***** ***** *** big ********* *******.

*** ** ******* ************* with **** ***** ******** record: **** ******** ** devices, **** ***** *****, be ***-******.

*** ** ******* ************* with **** ***** ******** record: **** ******** ** devices, **** ***** *****, be ***-******.

*** ** **** **** they ***** ****** **** a ********** *********** ** slap * ******* ** the ******* *** ** take *** ** *** heat?

* ***** ** **** found *********'* *** *** provider :)

***********...

****:*****://***.***-*******.***/**/****/****/**/********-**-********-*****-************-*******-***-**-******-***-*****-*******-*****-***-*****/

****: *** ******** **** of *** “*******” **** is “********” (stored ** /***/******/********). The hash algorithm was reverse engineered before and is implemented on ******. Basically, ** ** * ****** ** . For complex passwords it should be more efficient to find a hash collision than to crack the password. Interestingly, the same hash algorithm is used in products from Dahua Technology. Possibly Xiongmai ****** **** ***** ** *** **** ********* ** **** ** *** ****** ********* *** *** **** ******* ***?

*** **** *** ******** hash ** ******* *** same ** *****, **** the **** ** *** password **** ** ****** the **** ** ******** (maybe **** ****** '/***' before '/***') *** ****** same ********.

*********

*)*****://******.***/****/***/****/******/*****-*******-****.**#***

*)*****://******.***/****/***/****/******/*****-********-***.**#***

 

*** ******** **, *** copied ***? ** ** it ****** '****** ********* SoC ***' ;-)

 

******, ***** ***. *** provide *******, ******* ********* information **** ** ****. Its * ********** ***** from *** ******** ******* plaguing **** *****. 

***** **** *********** **** was * ***** **** Dahua. * ***** *** their *** ****** ******* like *****’*.

******, **** ******** *** copied *** :)
