jvndb-2022-002337
Vulnerability from jvndb
Published
2022-08-23 14:31
Modified
2024-06-14 10:24
Severity ?
Summary
UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions
Details
Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions (CWE-306) in the device management web interface.
The reporter states that attacks exploiting this vulnerability have been observed.
Yoshiki Mori, Ushimaru Hayato and Masaki Kubo of National Institute of Information and Communications Technology Cybersecurity Research Institute reported this vulnerability to the developer and coordinated. After coordination was completed, this case was reported to JPCERT/CC and JPCERT/CC coordinated with the developer for the publication.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/vu/JVNVU90821877/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-35733 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-35733 | |
| Missing Authentication for Critical Function(CWE-306) | https://cwe.mitre.org/data/definitions/306.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002337.html",
"dc:date": "2024-06-14T10:24+09:00",
"dcterms:issued": "2022-08-23T14:31+09:00",
"dcterms:modified": "2024-06-14T10:24+09:00",
"description": "Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions (CWE-306) in the device management web interface.\r\n\r\nThe reporter states that attacks exploiting this vulnerability have been observed.\r\n\r\nYoshiki Mori, Ushimaru Hayato and Masaki Kubo of National Institute of Information and Communications Technology Cybersecurity Research Institute reported this vulnerability to the developer and coordinated. After coordination was completed, this case was reported to JPCERT/CC and JPCERT/CC coordinated with the developer for the publication.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002337.html",
"sec:cpe": [
{
"#text": "cpe:/o:unimo:udr-ja1004_firmware",
"@product": "UDR-JA1004 firmware",
"@vendor": "UNIMO Technology Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:unimo:udr-ja1008_firmware",
"@product": "UDR-JA1008 firmware",
"@vendor": "UNIMO Technology Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:unimo:udr-ja1016_firmware",
"@product": "UDR-JA1016 firmware",
"@vendor": "UNIMO Technology Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002337",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU90821877/index.html",
"@id": "JVNVU#90821877",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-35733",
"@id": "CVE-2022-35733",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-35733",
"@id": "CVE-2022-35733",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
}
],
"title": "UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.