CVE-2023-0773

Unauthorized Access Control Vulnerability in Uniview IP Camera

CVSS 9.1 CRITICALEPSS 1.2%CWE-287

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.1EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

19 sep 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Productos afectados

Uniview · Uniview IP Camera IPC322LB-SF28-A

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270