CVE-2023-39068

Published: Sep 11, 2023Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component.

Affected (2)

Products: Xiongmaitech: Nb080s09s Klc Firmware, Nbd80n32ra Kl V3 Firmware

2 products

Nb080s09s Klc Firmware

Nbd80n32ra Kl V3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xiongmaitech Nb080s09s Klc Firmware	Version yk_hzxm_nbd80s09s-klc_v4.03.r11.7601.nat.onvifc.20230414

Running on/with	Platform Versions
Xiongmaitech Nb080s09s Klc	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xiongmaitech Nbd80n32ra Kl V3 Firmware	Version yk_hzxm_nbd80n32ra-kl_v4.03.r11.7601.nat.onvifc.20220120

Running on/with	Platform Versions
Xiongmaitech Nbd80n32ra Kl V3	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3

Source: cve@mitre.org

Vendor Advisory

https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.