5.3
CVE-2023-3704
- EPSS 0.1%
- Veröffentlicht 24.08.2023 07:15:11
- Zuletzt bearbeitet 21.11.2024 08:17:52
- Quelle vdisclose@cert-in.org.in
- CVE-Watchlists
- Unerledigt
LoginThe vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cpplusworld ≫ Cp-uvr-1601e1-hc Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-0401l1-4kh Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-0401l1b-4kh Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-0801f1-hc Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-0801k1-h Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-0801k1b-h Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-0808k1-h Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-1601e1-h Firmware Version < 4.000.00at008.0.0.r20230302
Cpplusworld ≫ Cp-uvr-1601e2-h Firmware Version < 4.000.00at008.0.0.r20230302
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.282 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| vdisclose@cert-in.org.in | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.