7.5
CVE-2022-3001
- EPSS 1.17%
- Veröffentlicht 15.09.2022 15:15:10
- Zuletzt bearbeitet 21.11.2024 07:18:37
- Quelle vdisclose@cert-in.org.in
- CVE-Watchlists
- Unerledigt
LoginVulnerability in Milesight Video Management Systems (VMS)
This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Milesight ≫ Video Management Systems Firmware Version < 40.7.0.79
Milesight ≫ Video Management Systems Firmware Version40.7.0.79 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.17% | 0.634 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| vdisclose@cert-in.org.in | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0352