GSD-2023-0773
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-0773",
"id": "GSD-2023-0773"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-0773"
],
"details": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n",
"id": "GSD-2023-0773",
"modified": "2023-12-13T01:20:22.958688Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "vdisclose@cert-in.org.in",
"ID": "CVE-2023-0773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Uniview IP Camera IPC322LB-SF28-A",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "CIPC-B2303.X.X.XXXXXX",
"version_value": "CIPC-B2303.2.8.230105"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1213.X.X.XXXXXX",
"version_value": "DIPC-B1213.6.5.230215"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1216.X.X.XXXXXX",
"version_value": "DIPC-B1216.5.7.230109"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1221.X.X.XXXXXX",
"version_value": "DIPC-B1221.3.5.221202"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1222.X.X.XXXXXX",
"version_value": "DIPC-B1222.3.8.230223"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1225.X.X.XXXXXX",
"version_value": "DIPC-B1225.3.3.221123"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1226.X.X.XXXXXX",
"version_value": "DIPC-B1226.3.6.230105"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1219.X.X.XXXXXX",
"version_value": "DIPC-B1219.2.67.221019"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1223.X.X.XXXXXX",
"version_value": "DIPC-B1223.3.3.221123"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1228.X.X.XXXXXX",
"version_value": "DIPC-B1228.2.65.230207"
},
{
"version_affected": "\u003c=",
"version_name": "DIPC-B1229.X.X.XXXXXX",
"version_value": "DIPC-B1229.1.67.230104"
}
]
}
}
]
},
"vendor_name": "Uniview"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering \u0026 Research Team, Karnataka, India."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-287",
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270",
"refsource": "MISC",
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"name": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm",
"refsource": "MISC",
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\"\u003ehttps://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\u003c/a\u003e"
}
],
"value": " https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm "
}
],
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "cipc-b2303.2.8.230105",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1213.6.5.230215",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1216.5.7.230109",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1221.3.5.221202",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1222.3.8.230223",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1225.3.3.221123",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1226.3.6.230105",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1219.2.67.221019",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1223.3.3.221123",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1228.2.65.230207",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:uniview:ipc322lb-sf28-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "dipc-b1229.1.67.230104",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:uniview:ipc322lb-sf28-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "vdisclose@cert-in.org.in",
"ID": "CVE-2023-0773"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"name": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-09-21T19:24Z",
"publishedDate": "2023-09-19T10:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…