9.8

CVE-2023-0773

EPSS 1.17%
Veröffentlicht 19.09.2023 10:15:07
Zuletzt bearbeitet 21.11.2024 07:37:47
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

Unauthorized Access Control Vulnerability in Uniview IP Camera

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.

Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 11 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= cipc-b2303.2.8.230105

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1213.6.5.230215

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1216.5.7.230109

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1221.3.5.221202

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1222.3.8.230223

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1225.3.3.221123

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1226.3.6.230105

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1219.2.67.221019

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1223.3.3.221123

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1228.2.65.230207

Uniview ≫ Ipc322lb-sf28-a Version-

Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1229.1.67.230104

Uniview ≫ Ipc322lb-sf28-a Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.17%	0.634

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vdisclose@cert-in.org.in	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm

Vendor Advisory

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0773

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0773

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0773

EUVD