CVE-2026-34005 in Xiongmai AHB7008T-MH-V2 info

Summary

In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.

Responsible

MITRE

Reservation

03/25/2026

Disclosure

03/30/2026

Entries

ID	Vulnerability	CWE	Base	Temp	0day	Today	Exp	KEV	EPSS	CTI	Cou	CVE
354125	Xiongmai AHB7008T-MH-V2 /NBD7024H-P DVRIP Protocol system os command injection	78	8.8	8.8	$0-$5k	$0-$5k	Not defined	possible	0.00000	10.00-	Not defined	CVE-2026-34005

Show more

Description
Changes
Cyber Threat Intelligence
API/JSON

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!