CVE-2023-0773

Unauthorized Access Control Vulnerability in Uniview IP Camera

CVSS 9.1 CRITICALEPSS 1.2%CWE-287

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.1EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

19 set 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Produtos afetados

Uniview · Uniview IP Camera IPC322LB-SF28-A

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270