Search criteria
2 vulnerabilities found for ipc322lb-sf28-a_firmware by uniview
CVE-2023-0773 (GCVE-0-2023-0773)
Vulnerability from nvd – Published: 2023-09-19 09:33 – Updated: 2024-09-25 14:40
VLAI?
Title
Unauthorized Access Control Vulnerability in Uniview IP Camera
Summary
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
Severity ?
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uniview | Uniview IP Camera IPC322LB-SF28-A |
Affected:
CIPC-B2303.X.X.XXXXXX , ≤ CIPC-B2303.2.8.230105
(custom)
Affected: DIPC-B1213.X.X.XXXXXX , ≤ DIPC-B1213.6.5.230215 (custom) Affected: DIPC-B1216.X.X.XXXXXX , ≤ DIPC-B1216.5.7.230109 (custom) Affected: DIPC-B1221.X.X.XXXXXX , ≤ DIPC-B1221.3.5.221202 (custom) Affected: DIPC-B1222.X.X.XXXXXX , ≤ DIPC-B1222.3.8.230223 (custom) Affected: DIPC-B1225.X.X.XXXXXX , ≤ DIPC-B1225.3.3.221123 (custom) Affected: DIPC-B1226.X.X.XXXXXX , ≤ DIPC-B1226.3.6.230105 (custom) Affected: DIPC-B1219.X.X.XXXXXX , ≤ DIPC-B1219.2.67.221019 (custom) Affected: DIPC-B1223.X.X.XXXXXX , ≤ DIPC-B1223.3.3.221123 (custom) Affected: DIPC-B1228.X.X.XXXXXX , ≤ DIPC-B1228.2.65.230207 (custom) Affected: DIPC-B1229.X.X.XXXXXX , ≤ DIPC-B1229.1.67.230104 (custom) |
Credits
This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering & Research Team, Karnataka, India.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:uniview:ip_camera_ipc322lb-sf28-a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_camera_ipc322lb-sf28-a",
"vendor": "uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019\taffected",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:27:10.328874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:40:18.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Uniview IP Camera IPC322LB-SF28-A",
"vendor": "Uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering \u0026 Research Team, Karnataka, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eThe vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\u003cbr\u003e"
}
],
"value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T09:33:42.479Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\"\u003ehttps://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\u003c/a\u003e"
}
],
"value": " https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm "
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized Access Control Vulnerability in Uniview IP Camera"
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2023-0773",
"datePublished": "2023-09-19T09:33:42.479Z",
"dateReserved": "2023-02-10T11:41:27.681Z",
"dateUpdated": "2024-09-25T14:40:18.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0773 (GCVE-0-2023-0773)
Vulnerability from cvelistv5 – Published: 2023-09-19 09:33 – Updated: 2024-09-25 14:40
VLAI?
Title
Unauthorized Access Control Vulnerability in Uniview IP Camera
Summary
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
Severity ?
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uniview | Uniview IP Camera IPC322LB-SF28-A |
Affected:
CIPC-B2303.X.X.XXXXXX , ≤ CIPC-B2303.2.8.230105
(custom)
Affected: DIPC-B1213.X.X.XXXXXX , ≤ DIPC-B1213.6.5.230215 (custom) Affected: DIPC-B1216.X.X.XXXXXX , ≤ DIPC-B1216.5.7.230109 (custom) Affected: DIPC-B1221.X.X.XXXXXX , ≤ DIPC-B1221.3.5.221202 (custom) Affected: DIPC-B1222.X.X.XXXXXX , ≤ DIPC-B1222.3.8.230223 (custom) Affected: DIPC-B1225.X.X.XXXXXX , ≤ DIPC-B1225.3.3.221123 (custom) Affected: DIPC-B1226.X.X.XXXXXX , ≤ DIPC-B1226.3.6.230105 (custom) Affected: DIPC-B1219.X.X.XXXXXX , ≤ DIPC-B1219.2.67.221019 (custom) Affected: DIPC-B1223.X.X.XXXXXX , ≤ DIPC-B1223.3.3.221123 (custom) Affected: DIPC-B1228.X.X.XXXXXX , ≤ DIPC-B1228.2.65.230207 (custom) Affected: DIPC-B1229.X.X.XXXXXX , ≤ DIPC-B1229.1.67.230104 (custom) |
Credits
This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering & Research Team, Karnataka, India.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:uniview:ip_camera_ipc322lb-sf28-a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_camera_ipc322lb-sf28-a",
"vendor": "uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019\taffected",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:27:10.328874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:40:18.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Uniview IP Camera IPC322LB-SF28-A",
"vendor": "Uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering \u0026 Research Team, Karnataka, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eThe vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\u003cbr\u003e"
}
],
"value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T09:33:42.479Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\"\u003ehttps://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\u003c/a\u003e"
}
],
"value": " https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm "
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized Access Control Vulnerability in Uniview IP Camera"
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2023-0773",
"datePublished": "2023-09-19T09:33:42.479Z",
"dateReserved": "2023-02-10T11:41:27.681Z",
"dateUpdated": "2024-09-25T14:40:18.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}