7.5
CVE-2023-3705
- EPSS 0.22%
- Veröffentlicht 24.08.2023 08:15:09
- Zuletzt bearbeitet 21.11.2024 08:17:53
- Quelle vdisclose@cert-in.org.in
- CVE-Watchlists
- Unerledigt
LoginThe vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cpplusworld ≫ Cp-vnr-3104 Firmware Version < b3223p22c02424
Cpplusworld ≫ Cp-vnr-3108 Firmware Version < b3223p22c02424
Cpplusworld ≫ Cp-vnr-3208 Firmware Version < b3223p22c02424
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.443 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| vdisclose@cert-in.org.in | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.