{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34005/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-34005","command-injection","xiongmai","dvr","nvr"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eXiongmai DVR/NVR devices, specifically models AHB7008T-MH-V2 and NBD7024H-P running firmware version 4.03.R11, are susceptible to root OS command injection (CVE-2026-34005). This vulnerability arises from the inadequate sanitization of the HostName value within the NetWork.NetCommon configuration handler. An authenticated attacker can inject shell metacharacters into the HostName parameter through a DVRIP protocol request via TCP port 34567. Due to the use of the \u003ccode\u003esystem()\u003c/code\u003e function, these…\u003c/p\u003e\n","date_modified":"2026-03-29T17:16:44Z","date_published":"2026-03-29T17:16:44Z","id":"/briefs/2026-03-xiongmai-command-injection/","summary":"Xiongmai DVR/NVR devices are vulnerable to root OS command injection (CVE-2026-34005) due to shell metacharacters in the HostName value, exploitable via an authenticated DVRIP request, potentially allowing arbitrary command execution with root privileges.","title":"Xiongmai DVR/NVR Root OS Command Injection Vulnerability (CVE-2026-34005)","url":"https://feed.craftedsignal.io/briefs/2026-03-xiongmai-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-34005","version":"https://jsonfeed.org/version/1.1"}