All the vulnerabilites related to UNIMO Technology Co., Ltd - UDR-JA1004 firmware
jvndb-2022-002337
Vulnerability from jvndb
Published
2022-08-23 14:31
Modified
2024-06-14 10:24
Severity ?
Summary
UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions
Details
Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions (CWE-306) in the device management web interface.
The reporter states that attacks exploiting this vulnerability have been observed.
Yoshiki Mori, Ushimaru Hayato and Masaki Kubo of National Institute of Information and Communications Technology Cybersecurity Research Institute reported this vulnerability to the developer and coordinated. After coordination was completed, this case was reported to JPCERT/CC and JPCERT/CC coordinated with the developer for the publication.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/vu/JVNVU90821877/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-35733 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-35733 | |
| Missing Authentication for Critical Function(CWE-306) | https://cwe.mitre.org/data/definitions/306.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002337.html",
"dc:date": "2024-06-14T10:24+09:00",
"dcterms:issued": "2022-08-23T14:31+09:00",
"dcterms:modified": "2024-06-14T10:24+09:00",
"description": "Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions (CWE-306) in the device management web interface.\r\n\r\nThe reporter states that attacks exploiting this vulnerability have been observed.\r\n\r\nYoshiki Mori, Ushimaru Hayato and Masaki Kubo of National Institute of Information and Communications Technology Cybersecurity Research Institute reported this vulnerability to the developer and coordinated. After coordination was completed, this case was reported to JPCERT/CC and JPCERT/CC coordinated with the developer for the publication.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002337.html",
"sec:cpe": [
{
"#text": "cpe:/o:unimo:udr-ja1004_firmware",
"@product": "UDR-JA1004 firmware",
"@vendor": "UNIMO Technology Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:unimo:udr-ja1008_firmware",
"@product": "UDR-JA1008 firmware",
"@vendor": "UNIMO Technology Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:unimo:udr-ja1016_firmware",
"@product": "UDR-JA1016 firmware",
"@vendor": "UNIMO Technology Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002337",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU90821877/index.html",
"@id": "JVNVU#90821877",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-35733",
"@id": "CVE-2022-35733",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-35733",
"@id": "CVE-2022-35733",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
}
],
"title": "UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions"
}