Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
Conclusion & alert: CVE-2022-45045 is rated High Exploit Risk (73.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.24%). Core evidence: 1 public exploit reference is indexed (Exploit-DB). Mandatory action: public exploits are available; assess exposure, apply mitigations, and prioritize patching.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | | Exploit-DB ↗ |
EPSS: The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 1.11% | 1.24% | +0.13% |
| 2 | 2026-03-10 | 0.75% | 1.11% | +0.36% |
| 3 | 2025-12-11 | — | 0.75% | — |
Full EPSS history (16 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH | | 2.8 | 5.9 | [email protected] |
| 8.8 | 3.1 | HIGH | | 2.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| xiongmaitech | mbd6304t | — | cpe:2.3:h:xiongmaitech:mbd6304t:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd6808t-pl | — | cpe:2.3:h:xiongmaitech:nbd6808t-pl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7004t-p | — | cpe:2.3:h:xiongmaitech:nbd7004t-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7008t-p | — | cpe:2.3:h:xiongmaitech:nbd7008t-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7016t-f-v2 | — | cpe:2.3:h:xiongmaitech:nbd7016t-f-v2:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7024h-p | — | cpe:2.3:h:xiongmaitech:nbd7024h-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7024t-p | — | cpe:2.3:h:xiongmaitech:nbd7024t-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7804r-f\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd7804r-f\(ep\):*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7804r-f\(hdmi\) | — | cpe:2.3:h:xiongmaitech:nbd7804r-f\(hdmi\):*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7804r-fw | — | cpe:2.3:h:xiongmaitech:nbd7804r-fw:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7804t-pl | — | cpe:2.3:h:xiongmaitech:nbd7804t-pl:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7808r-pl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd7808r-pl\(ep\):*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7808r-pl\(hdmi\) | — | cpe:2.3:h:xiongmaitech:nbd7808r-pl\(hdmi\):*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7808t-pl | — | cpe:2.3:h:xiongmaitech:nbd7808t-pl:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7904r-fs | — | cpe:2.3:h:xiongmaitech:nbd7904r-fs:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7904t-p | — | cpe:2.3:h:xiongmaitech:nbd7904t-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7904t-pl | — | cpe:2.3:h:xiongmaitech:nbd7904t-pl:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7904t-pl-xpoe | — | cpe:2.3:h:xiongmaitech:nbd7904t-pl-xpoe:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7904t-plc-xpoe | — | cpe:2.3:h:xiongmaitech:nbd7904t-plc-xpoe:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7904t-q | — | cpe:2.3:h:xiongmaitech:nbd7904t-q:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd7908t-q | — | cpe:2.3:h:xiongmaitech:nbd7908t-q:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8004r-pl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd8004r-pl\(ep\):*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8004r-yl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd8004r-yl\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8004t-q | — | cpe:2.3:h:xiongmaitech:nbd8004t-q:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008r-pl | — | cpe:2.3:h:xiongmaitech:nbd8008r-pl:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008r-pl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd8008r-pl\(ep\):*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008r-yl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd8008r-yl\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008ra-gl | — | cpe:2.3:h:xiongmaitech:nbd8008ra-gl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008ra-glk | — | cpe:2.3:h:xiongmaitech:nbd8008ra-glk:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008ra-ul\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd8008ra-ul\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008ra-ula | — | cpe:2.3:h:xiongmaitech:nbd8008ra-ula:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008ra-ulk | — | cpe:2.3:h:xiongmaitech:nbd8008ra-ulk:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8008t-q | — | cpe:2.3:h:xiongmaitech:nbd8008t-q:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8009s-ula-v2 | — | cpe:2.3:h:xiongmaitech:nbd8009s-ula-v2:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8010s-kl-v2 | — | cpe:2.3:h:xiongmaitech:nbd8010s-kl-v2:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016r-ul | — | cpe:2.3:h:xiongmaitech:nbd8016r-ul:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016ra-k\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd8016ra-k\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016ra-ul | — | cpe:2.3:h:xiongmaitech:nbd8016ra-ul:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016ra-ul\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd8016ra-ul\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016ra-ula | — | cpe:2.3:h:xiongmaitech:nbd8016ra-ula:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016ra-ulk | — | cpe:2.3:h:xiongmaitech:nbd8016ra-ulk:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016s-kl-v2 | — | cpe:2.3:h:xiongmaitech:nbd8016s-kl-v2:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016s-ula-v2 | — | cpe:2.3:h:xiongmaitech:nbd8016s-ula-v2:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8016t-q-v2 | — | cpe:2.3:h:xiongmaitech:nbd8016t-q-v2:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8025r-ul | — | cpe:2.3:h:xiongmaitech:nbd8025r-ul:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8032h4-p | — | cpe:2.3:h:xiongmaitech:nbd8032h4-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8032h4-q | — | cpe:2.3:h:xiongmaitech:nbd8032h4-q:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8032h4-qe | — | cpe:2.3:h:xiongmaitech:nbd8032h4-qe:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8032h4-ul | — | cpe:2.3:h:xiongmaitech:nbd8032h4-ul:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8032h8-p | — | cpe:2.3:h:xiongmaitech:nbd8032h8-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8032h8-qe | — | cpe:2.3:h:xiongmaitech:nbd8032h8-qe:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8032ra-ul-v2 | — | cpe:2.3:h:xiongmaitech:nbd8032ra-ul-v2:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8064h8-p | — | cpe:2.3:h:xiongmaitech:nbd8064h8-p:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd80n16ra-kl | — | cpe:2.3:h:xiongmaitech:nbd80n16ra-kl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd80n16ra-kl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd80n16ra-kl\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd80s08s-kl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd80s08s-kl\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd80s10s-kl | — | cpe:2.3:h:xiongmaitech:nbd80s10s-kl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd80s16s-kl | — | cpe:2.3:h:xiongmaitech:nbd80s16s-kl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd80s16s-kl\(ep\) | — | cpe:2.3:h:xiongmaitech:nbd80s16s-kl\(ep\):-:*:*:*:*:*:*:* |
| xiongmaitech | nbd80x09ra-kl | — | cpe:2.3:h:xiongmaitech:nbd80x09ra-kl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd80x09s-kl | — | cpe:2.3:h:xiongmaitech:nbd80x09s-kl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd88x09s-kl | — | cpe:2.3:h:xiongmaitech:nbd88x09s-kl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8904r-pl | — | cpe:2.3:h:xiongmaitech:nbd8904r-pl:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8904r-yl | — | cpe:2.3:h:xiongmaitech:nbd8904r-yl:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8904t-gsc-xpoe | — | cpe:2.3:h:xiongmaitech:nbd8904t-gsc-xpoe:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8904t-q | — | cpe:2.3:h:xiongmaitech:nbd8904t-q:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8908r-pl | — | cpe:2.3:h:xiongmaitech:nbd8908r-pl:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8908r-yl | — | cpe:2.3:h:xiongmaitech:nbd8908r-yl:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8908t-pl-xpoe | — | cpe:2.3:h:xiongmaitech:nbd8908t-pl-xpoe:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8908t-plc-xpoe | — | cpe:2.3:h:xiongmaitech:nbd8908t-plc-xpoe:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd8916f4-q | — | cpe:2.3:h:xiongmaitech:nbd8916f4-q:*:*:*:*:*:*:*:* |
| xiongmaitech | nbd8916f8-q | — | cpe:2.3:h:xiongmaitech:nbd8916f8-q:*:*:*:*:*:*:*:* |
| xiongmaitech | mbd6304t_firmware | 4.02.r11.00000117.10001.131900.00000 | cpe:2.3:o:xiongmaitech:mbd6304t_firmware:4.02.r11.00000117.10001.131900.00000:*:*:*:*:*:*:* |
| xiongmaitech | nbd6808t-pl_firmware | 4.02.r11.c7431119.12001.130000.00000 | cpe:2.3:o:xiongmaitech:nbd6808t-pl_firmware:4.02.r11.c7431119.12001.130000.00000:*:*:*:*:*:*:* |
| xiongmaitech | nbd7004t-p_firmware | — | cpe:2.3:o:xiongmaitech:nbd7004t-p_firmware:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7008t-p_firmware | — | cpe:2.3:o:xiongmaitech:nbd7008t-p_firmware:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7016t-f-v2_firmware | — | cpe:2.3:o:xiongmaitech:nbd7016t-f-v2_firmware:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7024h-p_firmware | — | cpe:2.3:o:xiongmaitech:nbd7024h-p_firmware:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7024t-p_firmware | — | cpe:2.3:o:xiongmaitech:nbd7024t-p_firmware:-:*:*:*:*:*:*:* |
| xiongmaitech | nbd7804r-f\(ep\)_firmware | — | cpe:2.3:o:xiongmaitech:nbd7804r-f\(ep\)_firmware:-:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://vulncheck.com/blog/xiongmai-iot-exploitation | Exploit Technical Description Third Party Advisory |