CVE-2023-30466

Published: Apr 28, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.

Affected (21)

Products: Milesight: Ms N5008 Uc Firmware, Ms N1008 Unc Firmware, Ms N1008 Uc Firmware, Ms N1004 Uc Firmware, Ms N5016 E Firmware, Ms N5008 E Firmware, Ms N7016 Uh Firmware, Ms N7032 Uh Firmware, Ms N8064 Uh Firmware, Ms N8032 Uh Firmware, Ms N1004 Upc Firmware, Ms N1008 Upc Firmware, Ms N1008 Unpc Firmware, Ms N5008 Upc Firmware, Ms N5016 Pe Firmware, Ms N5008 Pe Firmware, Ms N7016 Uph Firmware, Ms N7032 Uph Firmware, Ms N7048 Uph Firmware, Ms Nxxxx Xxg Firmware, Ms Nxxxx Xxt Firmware

Milesight

21 products

Ms N5008 Uc Firmware

Ms N1008 Unc Firmware

Ms N1004 Upc Firmware

Ms N1008 Upc Firmware

Ms N1008 Unpc Firmware

Ms N5008 Upc Firmware

Ms N5016 Pe Firmware

Ms N5008 Pe Firmware

Ms N7016 Uph Firmware

Ms N7032 Uph Firmware

Ms N7048 Uph Firmware

Ms Nxxxx Xxg Firmware

Ms Nxxxx Xxt Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N5008 Uc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N5008 Uc	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N1008 Unc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N1008 Unc	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N1008 Uc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N1008 Uc	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N1004 Uc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N1004 Uc	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N5016 E Firmware	Before 75.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N5016 E	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N5008 E Firmware	Before 75.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N5008 E	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N7016 Uh Firmware	Before 71.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N7016 Uh	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N7032 Uh Firmware	Before 71.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N7032 Uh	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N8064 Uh Firmware	Before 71.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N8064 Uh	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N8032 Uh Firmware	Before 71.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N8032 Uh	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N1004 Upc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N1004 Upc	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N1008 Upc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N1008 Upc	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N1008 Unpc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N1008 Unpc	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N5008 Upc Firmware	Before 73.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N5008 Upc	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N5016 Pe Firmware	Before 75.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N5016 Pe	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N5008 Pe Firmware	Before 75.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N5008 Pe	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N7016 Uph Firmware	Before 71.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N7016 Uph	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N7032 Uph Firmware	Before 71.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N7032 Uph	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Milesight Ms N7048 Uph Firmware	Before 71.9.0.18-r2

Running on/with	Platform Versions
Milesight Ms N7048 Uph	All versions

Configuration T

2 vulnerable

Vulnerable Software	Affected Versions
Milesight Ms Nxxxx Xxg Firmware	Before 77.9.0.18-r2
Milesight Ms Nxxxx Xxt Firmware	Before 72.9.0.18-r2

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (2)

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121

Source: vdisclose@cert-in.org.in

Third Party Advisory

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.