TROYANOSYVIRUS
Volver a CVEs

CVE-2023-30466

CRITICAL
9.8

Descripcion

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/28/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

milesight:ms-n1004-ucmilesight:ms-n1004-uc_firmwaremilesight:ms-n1004-upcmilesight:ms-n1004-upc_firmwaremilesight:ms-n1008-ucmilesight:ms-n1008-uc_firmwaremilesight:ms-n1008-uncmilesight:ms-n1008-unc_firmwaremilesight:ms-n1008-unpcmilesight:ms-n1008-unpc_firmwaremilesight:ms-n1008-upcmilesight:ms-n1008-upc_firmwaremilesight:ms-n5008-emilesight:ms-n5008-e_firmwaremilesight:ms-n5008-pemilesight:ms-n5008-pe_firmwaremilesight:ms-n5008-ucmilesight:ms-n5008-uc_firmwaremilesight:ms-n5008-upcmilesight:ms-n5008-upc_firmwaremilesight:ms-n5016-emilesight:ms-n5016-e_firmwaremilesight:ms-n5016-pemilesight:ms-n5016-pe_firmwaremilesight:ms-n7016-uhmilesight:ms-n7016-uh_firmwaremilesight:ms-n7016-uphmilesight:ms-n7016-uph_firmwaremilesight:ms-n7032-uhmilesight:ms-n7032-uh_firmwaremilesight:ms-n7032-uphmilesight:ms-n7032-uph_firmwaremilesight:ms-n7048-uphmilesight:ms-n7048-uph_firmwaremilesight:ms-n8032-uhmilesight:ms-n8032-uh_firmwaremilesight:ms-n8064-uhmilesight:ms-n8064-uh_firmwaremilesight:ms-nxxxx-xxg_firmwaremilesight:ms-nxxxx-xxt_firmware

Debilidades (CWE)

CWE-640CWE-640

Referencias

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121(vdisclose@cert-in.org.in)
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.