CVE-2026-34005

{"id": "CVE-2026-34005", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-03-29T17:16:44.257", "references": [{"url": "https://uky007.github.io/CVE-2026-34005/", "source": "cve@mitre.org"}, {"url": "https://www.xiongmaitech.com", "source": "cve@mitre.org"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used."}, {"lang": "es", "value": "En dispositivos Xiongmai DVR/NVR (AHB7008T-MH-V2 y NBD7024H-P) 4.03.R11 de Sofia, puede ocurrir una inyecci\u00f3n de comandos del sistema operativo como root a trav\u00e9s de metacaracteres de shell en el valor HostName mediante una solicitud autenticada del protocolo DVRIP (protocolo TCP puerto 34567) al gestor de configuraci\u00f3n NetWork.NetCommon, porque se utiliza system()."}], "lastModified": "2026-04-27T19:18:46.690", "sourceIdentifier": "cve@mitre.org"}