Unfixed Critical Vulnerability In Millions of XiongMai Devices Disclosed

By: Sean Patton, Published on Oct 10, 2018

XiongMai, one of the biggest OEMs alongside Dahua and Hikvision, has suffered a critical vulnerability impacting millions of their devices.

This comes after XiongMai received universal criticism for the lack of security that contributed to the Mirai botnet.

*******, ****** ***** *** Hikvision, *** ********** ******* issue * ******** *** for ********* ***************, ******** has *** **** * months ***** ******, ******* increasing *** ****.

****** **** ****, ** review EU-based*** ********** ********** **** ******** *************, *** ** ** so *********** *** *** this ******* * ****** track ****** *** ********.

Default ********* *** ****** ******** ***** ******** *************

*** ********* ********************* * **.* ******** score******* *** ******* *** result ** ************* ****** to *** ********** ******* through ******* ************* ***********, and ********** ************ "*******" user *******. **** ***** that **** ******* ******* the ******* ************* ********, the ****** *** ***** be ******** ******** ***** the "*******" *******.

*** ******* ** *********** vulnerable ******* ** ***** and *** ******* ****** unsigned ********. *** ****** that ** ******** *** push ********* ******** ******* through *** ***** ***** interface. 

************, *** ******:

********* *** **********************() ***** ***** *** ******* causes *** ****** ** fetch *** ******* *** malicious ********.

**** ********* ****** ** attacker ** ******* ******* onto *** *******’ ***** memory. ****** ** *** Mirai ****, ** cannot ** ******* *** **** ** ********* *** ******.

*** ********* *** ************* (***-****-*****), **** ******* *********** and********** ****** ***** ** concept ******* **** ** GitHub, ******* ********** *** chances ** ** ********.

Who ** ********

********* ** ***'* **********, this ************* ******* ******** of *******, ******* ********'* XMEye ***** *******. ***** Cloud ****** ***** ******* to ****** **** **** NVRs, ******* ** ************ to *****'* *** ***** and *********'* ***-******* ***** services.

*** ********** **** *** vendors ********, ******* ***** label *********.

* ***** **** *** of **** ** *** vendors ********:

Minimum ****** ** ******* ********** ******

***** ********* *** *** commonly **** ** ******* commercial *************, *** **** directly ****** *** ****** of *** ****** *********. However, *** ********** ****** could ** **** ******* within ***** *******.

Botnet ****

**** *****, ** **** with *****, ***** ********** devices *** ***** ****** disruption ** *** **** specific ******* ********* ************* *******.

*** ****** **** ***** devices **** ** *********** and **** ****** ******* is **** ****, ***** the ****** ** ******* and *** *********** ** an ****** ***** *** the ************* ***** ********* on *** ******** ** them.

Extends *** ***** ******

******** *** * ******** track ****** ** ************* issues. ********'* ******** ** publications **** ******** ** the ***** *** *** to********** ***** ******. **** ****** *****, a ******* ******** ** XiongMai ************* *** * **** email **** ******** ****** passwords*** ******** *******.

****, *** ***** **** 2 ********** ********** ******** vulnerabilities **** **** ****** unpatched ** ***** ****** firmware.

Not ****** ** ** **********

***** *** ********* ****** by **** *** ********** to ** ********** *****, proponents ** ******* ************* banned **** ****** *** this ** ******** **** there *** ************* **** a ***** ***** ****** than *****, *** ***** of *** ********** ** the ***.

 

Comments (14)

* ******* ********* *** cornered *** ******** ****** market, ***** ***.

** ************* *****. ****** feature *** *****. -*****

***** *** **** **.

“Not ****** ** ** **********

***** *** ********* ****** by **** *** ********** to ** ********** *****, proponents ** ******* ************* banned **** ****** *** this ** ******** **** there *** ************* **** a ***** ***** ****** than *****, *** ***** of *** ********** ** the ***.”

———————————————————————————————————-

** ******* ** *** last ********* ** *** article, ******* **** ** evidence ** ******* * larger **** ************ *** on ***** ****** **** a *** ** ****** support *** ********* **** were ******** ******** ******? 

* ***** "******** ** devices" ***** ******* *** the ********** **** *** well ******* *** *** due **, *** * quote "***** ********" 

** = **** ****** for ** ******** *****, According ** ********

** = **** ****** for ** ******** *****, According ** ********

* **** ****** ** ** ********* **** ** ***. XM ** ****** ***** the ***** ******* **** have ** **** **** to ** ******** *****. Hikvision *** ***** ** because **** **** ***** local ***** ***** *** big ********* *******.

*** ** ******* ************* with **** ***** ******** record: **** ******** ** devices, **** ***** *****, be ***-******.

*** ** ******* ************* with **** ***** ******** record: **** ******** ** devices, **** ***** *****, be ***-******.

*** ** **** **** they ***** ****** **** a ********** *********** ** slap * ******* ** the ******* *** ** take *** ** *** heat?

* ***** ** **** found *********'* *** *** provider :)

***********...

****:*****://***.***-*******.***/**/****/****/**/********-**-********-*****-************-*******-***-**-******-***-*****-*******-*****-***-*****/

****: *** ******** **** of *** “*******” **** is “********” (stored ** /***/******/********). The hash algorithm was reverse engineered before and is implemented on ******.Basically, ** ** * ****** ** . For complex passwords it should be more efficient to find a hash collision than to crack the password. Interestingly, the same hash algorithm is used in products from Dahua Technology. Possibly Xiongmai ****** **** ***** ** *** **** ********* ** **** ** *** ****** ********* *** *** **** ******* ***?

*** **** *** ******** hash ** ******* *** same ** *****, **** the **** ** *** password **** ** ****** the **** ** ******** (maybe **** ****** '/***' before '/***') *** ****** same ********.

*********

*)*****://******.***/****/***/****/******/*****-*******-****.**#***

*)*****://******.***/****/***/****/******/*****-********-***.**#***

 

*** ******** **, *** copied ***? ** ** it ****** '****** ********* SoC ***' ;-)

 

******, ***** ***. *** provide *******, ******* ********* information **** ** ****. Its * ********** ***** from *** ******** ******* plaguing **** *****. 

***** **** *********** **** was * ***** **** Dahua. * ***** *** their *** ****** ******* like *****’*.

******, **** ******** *** copied *** :)
