CVE-2023-0773

Published: Sep 19, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

Affected (11)

Products: Uniview: Ipc322lb Sf28 A Firmware

Uniview

1 product

Ipc322lb Sf28 A Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to cipc-b2303.2.8.230105

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1213.6.5.230215

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1216.5.7.230109

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1221.3.5.221202

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1222.3.8.230223

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1225.3.3.221123

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1226.3.6.230105

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1219.2.67.221019

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1223.3.3.221123

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1228.2.65.230207

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Uniview Ipc322lb Sf28 A Firmware	Up to dipc-b1229.1.67.230104

Running on/with	Platform Versions
Uniview Ipc322lb Sf28 A	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm

Source: vdisclose@cert-in.org.in

Vendor Advisory

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270

Source: vdisclose@cert-in.org.in

Third Party Advisory

https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.