9.8
CVE-2023-0773
- EPSS 0.63%
- Veröffentlicht 19.09.2023 10:15:07
- Zuletzt bearbeitet 21.11.2024 07:37:47
- Quelle vdisclose@cert-in.org.in
- CVE-Watchlists
- Unerledigt
LoginThe vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= cipc-b2303.2.8.230105
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1213.6.5.230215
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1216.5.7.230109
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1221.3.5.221202
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1222.3.8.230223
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1225.3.3.221123
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1226.3.6.230105
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1219.2.67.221019
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1223.3.3.221123
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1228.2.65.230207
Uniview ≫ Ipc322lb-sf28-a Firmware Version <= dipc-b1229.1.67.230104
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.694 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| vdisclose@cert-in.org.in | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.