Search criteria
5 vulnerabilities by Uniview
CVE-2024-3850 (GCVE-0-2024-3850)
Vulnerability from cvelistv5 – Published: 2024-06-10 16:46 – Updated: 2024-08-26 22:44
VLAI?
Title
Uniview NVR301-04S2-P4 Cross-site Scripting
Summary
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uniview | NVR301-04S2-P4 |
Affected:
0 , < NVR-B3801.20.17.240507
(custom)
|
Credits
CISA discovered a public Proof of Concept (PoC) as authored by Bleron Rrustemi and reported it to Uniview.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T19:30:41.171743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T19:30:50.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-26T22:44:36.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/r3naissance/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3850.yaml"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR301-04S2-P4",
"vendor": "Uniview",
"versions": [
{
"lessThan": "NVR-B3801.20.17.240507",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CISA discovered a public Proof of Concept (PoC) as authored by Bleron Rrustemi and reported it to Uniview."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.\u003c/span\u003e\n\n"
}
],
"value": "Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:46:42.766Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.uniview.com/Support/Service_Hotline/\"\u003eUniview Service Hotline\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, or regional technical support for assistance.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Uniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, Uniview Service Hotline https://www.uniview.com/Support/Service_Hotline/ , or regional technical support for assistance."
}
],
"source": {
"advisory": "ICSA-24-156-01",
"discovery": "EXTERNAL"
},
"title": "Uniview NVR301-04S2-P4 Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3850",
"datePublished": "2024-06-10T16:46:42.766Z",
"dateReserved": "2024-04-15T19:49:14.162Z",
"dateUpdated": "2024-08-26T22:44:36.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0778 (GCVE-0-2024-0778)
Vulnerability from cvelistv5 – Published: 2024-01-22 16:00 – Updated: 2025-05-30 14:22 Unsupported When Assigned
VLAI?
Title
Uniview ISC 2500-S VM.php setNatConfig os command injection
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Severity ?
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uniview | ISC 2500-S |
Affected:
20210930
|
Credits
h3110w0r1d (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251696"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251696"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:35:57.768266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:22:50.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISC 2500-S",
"vendor": "Uniview",
"versions": [
{
"status": "affected",
"version": "20210930"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h3110w0r1d (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Uniview ISC 2500-S bis 20210930 entdeckt. Es geht hierbei um die Funktion setNatConfig der Datei /Interface/DevManage/VM.php. Mittels dem Manipulieren des Arguments natAddress/natPort/natServerPort mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T16:00:06.512Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251696"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251696"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-22T10:29:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Uniview ISC 2500-S VM.php setNatConfig os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0778",
"datePublished": "2024-01-22T16:00:06.512Z",
"dateReserved": "2024-01-22T09:23:35.184Z",
"dateUpdated": "2025-05-30T14:22:50.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0773 (GCVE-0-2023-0773)
Vulnerability from cvelistv5 – Published: 2023-09-19 09:33 – Updated: 2024-09-25 14:40
VLAI?
Title
Unauthorized Access Control Vulnerability in Uniview IP Camera
Summary
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
Severity ?
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uniview | Uniview IP Camera IPC322LB-SF28-A |
Affected:
CIPC-B2303.X.X.XXXXXX , ≤ CIPC-B2303.2.8.230105
(custom)
Affected: DIPC-B1213.X.X.XXXXXX , ≤ DIPC-B1213.6.5.230215 (custom) Affected: DIPC-B1216.X.X.XXXXXX , ≤ DIPC-B1216.5.7.230109 (custom) Affected: DIPC-B1221.X.X.XXXXXX , ≤ DIPC-B1221.3.5.221202 (custom) Affected: DIPC-B1222.X.X.XXXXXX , ≤ DIPC-B1222.3.8.230223 (custom) Affected: DIPC-B1225.X.X.XXXXXX , ≤ DIPC-B1225.3.3.221123 (custom) Affected: DIPC-B1226.X.X.XXXXXX , ≤ DIPC-B1226.3.6.230105 (custom) Affected: DIPC-B1219.X.X.XXXXXX , ≤ DIPC-B1219.2.67.221019 (custom) Affected: DIPC-B1223.X.X.XXXXXX , ≤ DIPC-B1223.3.3.221123 (custom) Affected: DIPC-B1228.X.X.XXXXXX , ≤ DIPC-B1228.2.65.230207 (custom) Affected: DIPC-B1229.X.X.XXXXXX , ≤ DIPC-B1229.1.67.230104 (custom) |
Credits
This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering & Research Team, Karnataka, India.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:uniview:ip_camera_ipc322lb-sf28-a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_camera_ipc322lb-sf28-a",
"vendor": "uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019\taffected",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:27:10.328874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:40:18.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Uniview IP Camera IPC322LB-SF28-A",
"vendor": "Uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering \u0026 Research Team, Karnataka, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eThe vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\u003cbr\u003e"
}
],
"value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T09:33:42.479Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\"\u003ehttps://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\u003c/a\u003e"
}
],
"value": " https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm "
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized Access Control Vulnerability in Uniview IP Camera"
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2023-0773",
"datePublished": "2023-09-19T09:33:42.479Z",
"dateReserved": "2023-02-10T11:41:27.681Z",
"dateUpdated": "2024-09-25T14:40:18.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45039 (GCVE-0-2021-45039)
Vulnerability from cvelistv5 – Published: 2023-05-31 00:00 – Updated: 2025-01-10 16:32
VLAI?
Summary
Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ssd-disclosure.com/ssd-advisory--uniview-preauth-rce/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.uniview.com/About_Us/Security/Notice/202112/920471_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45039",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T16:31:44.913582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T16:32:47.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ssd-disclosure.com/ssd-advisory--uniview-preauth-rce/"
},
{
"url": "https://www.uniview.com/About_Us/Security/Notice/202112/920471_140493_0.htm"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45039",
"datePublished": "2023-05-31T00:00:00",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2025-01-10T16:32:47.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14923 (GCVE-0-2018-14923)
Vulnerability from cvelistv5 – Published: 2018-08-03 20:00 – Updated: 2024-09-17 02:12
VLAI?
Summary
A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:24.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/1325763",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14923",
"datePublished": "2018-08-03T20:00:00Z",
"dateReserved": "2018-08-03T00:00:00Z",
"dateUpdated": "2024-09-17T02:12:04.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}