Find a vulnerability
Search criteria
16 vulnerabilities by uniview
VAR-202508-3574
Vulnerability from variot - Updated: 2025-09-11 23:45The NVR-110D-A is a member of the NVR-D series network video recorders from Uniview Technologies.
Zhejiang Uniview Technology Co., Ltd.'s NVR-110D-A has an unauthorized access vulnerability that could allow attackers to obtain sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-3574",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr-110d-a nvr 110d 106d-b3773.33.86.240816",
"scope": null,
"trust": 0.6,
"vendor": "uniview",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-20040",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-20040",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The NVR-110D-A is a member of the NVR-D series network video recorders from Uniview Technologies.\n\nZhejiang Uniview Technology Co., Ltd.\u0027s NVR-110D-A has an unauthorized access vulnerability that could allow attackers to obtain sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-20040",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
]
},
"id": "VAR-202508-3574",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
]
},
"last_update_date": "2025-09-11T23:45:07.782000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-20040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-20040"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhejiang Uniview Technology Co., Ltd. NVR-110D-A has an unauthorized access vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20040"
}
],
"trust": 0.6
}
}
VAR-202409-2266
Vulnerability from variot - Updated: 2024-10-18 04:07NVR301-08-P8 is an NVR recorder device produced by Zhejiang Uniview Technology Co., Ltd.
Zhejiang Uniview Technology Co., Ltd. NVR301-08-P8 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-2266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr301-08-p8 b3221p15",
"scope": null,
"trust": 0.6,
"vendor": "uniview",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-37220",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2024-37220",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NVR301-08-P8 is an NVR recorder device produced by Zhejiang Uniview Technology Co., Ltd.\n\nZhejiang Uniview Technology Co., Ltd. NVR301-08-P8 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-37220",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"id": "VAR-202409-2266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"last_update_date": "2024-10-18T04:07:42.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Zhejiang Uniview Technology Co., Ltd. NVR301-08-P8 has an information leakage vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/585141"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-37220"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhejiang Uniview Technology Co., Ltd. NVR301-08-P8 has an information leakage vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37220"
}
],
"trust": 0.6
}
}
VAR-201605-0621
Vulnerability from variot - Updated: 2022-05-04 10:19Yushi NVR Weak password exists, allowing initial password login
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0621",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "uniview",
"version": ";*"
}
],
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yushi NVR Weak password exists, allowing initial password login",
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
],
"trust": 0.2
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "IVD",
"id": "F70AD432-1A70-48D4-8C2A-8A4E91DFA2F6",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
]
},
"id": "VAR-201605-0621",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
]
},
"last_update_date": "2022-05-04T10:19:43.052000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-24T00:00:00",
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": []
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yushi NVR Login with default password",
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
],
"trust": 0.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak password",
"sources": [
{
"db": "IVD",
"id": "f70ad432-1a70-48d4-8c2a-8a4e91dfa2f6"
}
],
"trust": 0.2
}
}
VAR-201605-0620
Vulnerability from variot - Updated: 2022-05-04 09:39Weak password on Yushi camera, allowing initial password login
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0620",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "uniview",
"version": ";*"
}
],
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak password on Yushi camera, allowing initial password login",
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
],
"trust": 0.2
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "IVD",
"id": "8C417E12-65B3-11E6-8B63-2C534A0242E3",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
]
},
"id": "VAR-201605-0620",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
]
},
"last_update_date": "2022-05-04T09:39:47.726000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-24T00:00:00",
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": []
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yushi encoder weak password in the background",
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
],
"trust": 0.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak password",
"sources": [
{
"db": "IVD",
"id": "8c417e12-65b3-11e6-8b63-2c534a0242e3"
}
],
"trust": 0.2
}
}
VAR-201608-0419
Vulnerability from variot - Updated: 2022-05-04 09:34Yushi SD camera video stream can be accessed without authorization
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0419",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "uniview",
"version": ";*"
}
],
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ad039c7a-6842-11e6-abef-00505633f35a",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yushi SD camera video stream can be accessed without authorization",
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
],
"trust": 0.2
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "IVD",
"id": "AD039C7A-6842-11E6-ABEF-00505633F35A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
]
},
"id": "VAR-201608-0419",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
]
},
"last_update_date": "2022-05-04T09:34:30.479000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-14T00:00:00",
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": []
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yushi SD camera video stream unauthorized access",
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
],
"trust": 0.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "ad039c7a-6842-11e6-abef-00505633f35a"
}
],
"trust": 0.2
}
}
VAR-201605-0619
Vulnerability from variot - Updated: 2022-05-04 09:04Weak password on Yushi camera, allowing initial password login
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0619",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "uniview",
"version": ";*"
}
],
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak password on Yushi camera, allowing initial password login",
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
],
"trust": 0.2
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "IVD",
"id": "916520B2-31FE-11E6-A4FE-000C295D6F8E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
]
},
"id": "VAR-201605-0619",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
]
},
"last_update_date": "2022-05-04T09:04:59.305000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-24T00:00:00",
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": []
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak password in Yushi video surveillance system background",
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
],
"trust": 0.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak password",
"sources": [
{
"db": "IVD",
"id": "916520b2-31fe-11e6-a4fe-000c295d6f8e"
}
],
"trust": 0.2
}
}
CVE-2024-3850 (GCVE-0-2024-3850)
Vulnerability from nvd – Published: 2024-06-10 16:46 – Updated: 2024-08-26 22:44- CWE-79 - Cross-site Scripting
| Vendor | Product | Version | |
|---|---|---|---|
| Uniview | NVR301-04S2-P4 |
Affected:
0 , < NVR-B3801.20.17.240507
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T19:30:41.171743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T19:30:50.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-26T22:44:36.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/r3naissance/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3850.yaml"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR301-04S2-P4",
"vendor": "Uniview",
"versions": [
{
"lessThan": "NVR-B3801.20.17.240507",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CISA discovered a public Proof of Concept (PoC) as authored by Bleron Rrustemi and reported it to Uniview."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.\u003c/span\u003e\n\n"
}
],
"value": "Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:46:42.766Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.uniview.com/Support/Service_Hotline/\"\u003eUniview Service Hotline\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, or regional technical support for assistance.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Uniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, Uniview Service Hotline https://www.uniview.com/Support/Service_Hotline/ , or regional technical support for assistance."
}
],
"source": {
"advisory": "ICSA-24-156-01",
"discovery": "EXTERNAL"
},
"title": "Uniview NVR301-04S2-P4 Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3850",
"datePublished": "2024-06-10T16:46:42.766Z",
"dateReserved": "2024-04-15T19:49:14.162Z",
"dateUpdated": "2024-08-26T22:44:36.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0778 (GCVE-0-2024-0778)
Vulnerability from nvd – Published: 2024-01-22 16:00 – Updated: 2025-05-30 14:22 Unsupported When Assigned- CWE-78 - OS Command Injection
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251696 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.251696 | signaturepermissions-required |
| https://github.com/dezhoutorizhao/cve/blob/main/rce.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Uniview | ISC 2500-S |
Affected:
20210930
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251696"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251696"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:35:57.768266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:22:50.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISC 2500-S",
"vendor": "Uniview",
"versions": [
{
"status": "affected",
"version": "20210930"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h3110w0r1d (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Uniview ISC 2500-S bis 20210930 entdeckt. Es geht hierbei um die Funktion setNatConfig der Datei /Interface/DevManage/VM.php. Mittels dem Manipulieren des Arguments natAddress/natPort/natServerPort mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T16:00:06.512Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251696"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251696"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-22T10:29:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Uniview ISC 2500-S VM.php setNatConfig os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0778",
"datePublished": "2024-01-22T16:00:06.512Z",
"dateReserved": "2024-01-22T09:23:35.184Z",
"dateUpdated": "2025-05-30T14:22:50.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0773 (GCVE-0-2023-0773)
Vulnerability from nvd – Published: 2023-09-19 09:33 – Updated: 2024-09-25 14:40- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | |
| https://global.uniview.com/About_Us/Security/Noti… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Uniview | Uniview IP Camera IPC322LB-SF28-A |
Affected:
CIPC-B2303.X.X.XXXXXX , ≤ CIPC-B2303.2.8.230105
(custom)
Affected: DIPC-B1213.X.X.XXXXXX , ≤ DIPC-B1213.6.5.230215 (custom) Affected: DIPC-B1216.X.X.XXXXXX , ≤ DIPC-B1216.5.7.230109 (custom) Affected: DIPC-B1221.X.X.XXXXXX , ≤ DIPC-B1221.3.5.221202 (custom) Affected: DIPC-B1222.X.X.XXXXXX , ≤ DIPC-B1222.3.8.230223 (custom) Affected: DIPC-B1225.X.X.XXXXXX , ≤ DIPC-B1225.3.3.221123 (custom) Affected: DIPC-B1226.X.X.XXXXXX , ≤ DIPC-B1226.3.6.230105 (custom) Affected: DIPC-B1219.X.X.XXXXXX , ≤ DIPC-B1219.2.67.221019 (custom) Affected: DIPC-B1223.X.X.XXXXXX , ≤ DIPC-B1223.3.3.221123 (custom) Affected: DIPC-B1228.X.X.XXXXXX , ≤ DIPC-B1228.2.65.230207 (custom) Affected: DIPC-B1229.X.X.XXXXXX , ≤ DIPC-B1229.1.67.230104 (custom) |
|
| uniview | ip_camera_ipc322lb-sf28-a |
Affected:
CIPC-B2303.X.X.XXXXXX , ≤ CIPC-B2303.2.8.230105
(custom)
Affected: DIPC-B1213.X.X.XXXXXX , ≤ DIPC-B1213.6.5.230215 (custom) Affected: DIPC-B1216.X.X.XXXXXX , ≤ DIPC-B1216.5.7.230109 (custom) Affected: DIPC-B1221.X.X.XXXXXX , ≤ DIPC-B1221.3.5.221202 (custom) Affected: DIPC-B1222.X.X.XXXXXX , ≤ DIPC-B1222.3.8.230223 (custom) Affected: DIPC-B1225.X.X.XXXXXX , ≤ DIPC-B1225.3.3.221123 (custom) Affected: DIPC-B1226.X.X.XXXXXX , ≤ DIPC-B1226.3.6.230105 (custom) Affected: DIPC-B1219.X.X.XXXXXX , ≤ DIPC-B1219.2.67.221019 affected (custom) Affected: DIPC-B1223.X.X.XXXXXX , ≤ DIPC-B1223.3.3.221123 (custom) Affected: DIPC-B1228.X.X.XXXXXX , ≤ DIPC-B1228.2.65.230207 (custom) Affected: DIPC-B1229.X.X.XXXXXX , ≤ DIPC-B1229.1.67.230104 (custom) cpe:2.3:h:uniview:ip_camera_ipc322lb-sf28-a:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:uniview:ip_camera_ipc322lb-sf28-a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_camera_ipc322lb-sf28-a",
"vendor": "uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019\taffected",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:27:10.328874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:40:18.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Uniview IP Camera IPC322LB-SF28-A",
"vendor": "Uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering \u0026 Research Team, Karnataka, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eThe vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\u003cbr\u003e"
}
],
"value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T09:33:42.479Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\"\u003ehttps://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\u003c/a\u003e"
}
],
"value": " https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm "
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized Access Control Vulnerability in Uniview IP Camera"
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2023-0773",
"datePublished": "2023-09-19T09:33:42.479Z",
"dateReserved": "2023-02-10T11:41:27.681Z",
"dateUpdated": "2024-09-25T14:40:18.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45039 (GCVE-0-2021-45039)
Vulnerability from nvd – Published: 2023-05-31 00:00 – Updated: 2025-01-10 16:32- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ssd-disclosure.com/ssd-advisory--uniview-preauth-rce/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.uniview.com/About_Us/Security/Notice/202112/920471_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45039",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T16:31:44.913582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T16:32:47.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ssd-disclosure.com/ssd-advisory--uniview-preauth-rce/"
},
{
"url": "https://www.uniview.com/About_Us/Security/Notice/202112/920471_140493_0.htm"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45039",
"datePublished": "2023-05-31T00:00:00.000Z",
"dateReserved": "2021-12-13T00:00:00.000Z",
"dateUpdated": "2025-01-10T16:32:47.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14923 (GCVE-0-2018-14923)
Vulnerability from nvd – Published: 2018-08-03 20:00 – Updated: 2024-09-17 02:12- n/a
| URL | Tags |
|---|---|
| http://www.cnvd.org.cn/flaw/show/1325763 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:24.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/1325763",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14923",
"datePublished": "2018-08-03T20:00:00.000Z",
"dateReserved": "2018-08-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:12:04.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3850 (GCVE-0-2024-3850)
Vulnerability from cvelistv5 – Published: 2024-06-10 16:46 – Updated: 2024-08-26 22:44- CWE-79 - Cross-site Scripting
| Vendor | Product | Version | |
|---|---|---|---|
| Uniview | NVR301-04S2-P4 |
Affected:
0 , < NVR-B3801.20.17.240507
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T19:30:41.171743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T19:30:50.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-26T22:44:36.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/r3naissance/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3850.yaml"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR301-04S2-P4",
"vendor": "Uniview",
"versions": [
{
"lessThan": "NVR-B3801.20.17.240507",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CISA discovered a public Proof of Concept (PoC) as authored by Bleron Rrustemi and reported it to Uniview."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.\u003c/span\u003e\n\n"
}
],
"value": "Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:46:42.766Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.uniview.com/Support/Service_Hotline/\"\u003eUniview Service Hotline\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, or regional technical support for assistance.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Uniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, Uniview Service Hotline https://www.uniview.com/Support/Service_Hotline/ , or regional technical support for assistance."
}
],
"source": {
"advisory": "ICSA-24-156-01",
"discovery": "EXTERNAL"
},
"title": "Uniview NVR301-04S2-P4 Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3850",
"datePublished": "2024-06-10T16:46:42.766Z",
"dateReserved": "2024-04-15T19:49:14.162Z",
"dateUpdated": "2024-08-26T22:44:36.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0778 (GCVE-0-2024-0778)
Vulnerability from cvelistv5 – Published: 2024-01-22 16:00 – Updated: 2025-05-30 14:22 Unsupported When Assigned- CWE-78 - OS Command Injection
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251696 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.251696 | signaturepermissions-required |
| https://github.com/dezhoutorizhao/cve/blob/main/rce.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Uniview | ISC 2500-S |
Affected:
20210930
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251696"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251696"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:35:57.768266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:22:50.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISC 2500-S",
"vendor": "Uniview",
"versions": [
{
"status": "affected",
"version": "20210930"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h3110w0r1d (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Uniview ISC 2500-S bis 20210930 entdeckt. Es geht hierbei um die Funktion setNatConfig der Datei /Interface/DevManage/VM.php. Mittels dem Manipulieren des Arguments natAddress/natPort/natServerPort mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T16:00:06.512Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251696"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251696"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-22T10:29:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Uniview ISC 2500-S VM.php setNatConfig os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0778",
"datePublished": "2024-01-22T16:00:06.512Z",
"dateReserved": "2024-01-22T09:23:35.184Z",
"dateUpdated": "2025-05-30T14:22:50.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0773 (GCVE-0-2023-0773)
Vulnerability from cvelistv5 – Published: 2023-09-19 09:33 – Updated: 2024-09-25 14:40- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | |
| https://global.uniview.com/About_Us/Security/Noti… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Uniview | Uniview IP Camera IPC322LB-SF28-A |
Affected:
CIPC-B2303.X.X.XXXXXX , ≤ CIPC-B2303.2.8.230105
(custom)
Affected: DIPC-B1213.X.X.XXXXXX , ≤ DIPC-B1213.6.5.230215 (custom) Affected: DIPC-B1216.X.X.XXXXXX , ≤ DIPC-B1216.5.7.230109 (custom) Affected: DIPC-B1221.X.X.XXXXXX , ≤ DIPC-B1221.3.5.221202 (custom) Affected: DIPC-B1222.X.X.XXXXXX , ≤ DIPC-B1222.3.8.230223 (custom) Affected: DIPC-B1225.X.X.XXXXXX , ≤ DIPC-B1225.3.3.221123 (custom) Affected: DIPC-B1226.X.X.XXXXXX , ≤ DIPC-B1226.3.6.230105 (custom) Affected: DIPC-B1219.X.X.XXXXXX , ≤ DIPC-B1219.2.67.221019 (custom) Affected: DIPC-B1223.X.X.XXXXXX , ≤ DIPC-B1223.3.3.221123 (custom) Affected: DIPC-B1228.X.X.XXXXXX , ≤ DIPC-B1228.2.65.230207 (custom) Affected: DIPC-B1229.X.X.XXXXXX , ≤ DIPC-B1229.1.67.230104 (custom) |
|
| uniview | ip_camera_ipc322lb-sf28-a |
Affected:
CIPC-B2303.X.X.XXXXXX , ≤ CIPC-B2303.2.8.230105
(custom)
Affected: DIPC-B1213.X.X.XXXXXX , ≤ DIPC-B1213.6.5.230215 (custom) Affected: DIPC-B1216.X.X.XXXXXX , ≤ DIPC-B1216.5.7.230109 (custom) Affected: DIPC-B1221.X.X.XXXXXX , ≤ DIPC-B1221.3.5.221202 (custom) Affected: DIPC-B1222.X.X.XXXXXX , ≤ DIPC-B1222.3.8.230223 (custom) Affected: DIPC-B1225.X.X.XXXXXX , ≤ DIPC-B1225.3.3.221123 (custom) Affected: DIPC-B1226.X.X.XXXXXX , ≤ DIPC-B1226.3.6.230105 (custom) Affected: DIPC-B1219.X.X.XXXXXX , ≤ DIPC-B1219.2.67.221019 affected (custom) Affected: DIPC-B1223.X.X.XXXXXX , ≤ DIPC-B1223.3.3.221123 (custom) Affected: DIPC-B1228.X.X.XXXXXX , ≤ DIPC-B1228.2.65.230207 (custom) Affected: DIPC-B1229.X.X.XXXXXX , ≤ DIPC-B1229.1.67.230104 (custom) cpe:2.3:h:uniview:ip_camera_ipc322lb-sf28-a:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:uniview:ip_camera_ipc322lb-sf28-a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_camera_ipc322lb-sf28-a",
"vendor": "uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019\taffected",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:27:10.328874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:40:18.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Uniview IP Camera IPC322LB-SF28-A",
"vendor": "Uniview",
"versions": [
{
"lessThanOrEqual": "CIPC-B2303.2.8.230105",
"status": "affected",
"version": "CIPC-B2303.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1213.6.5.230215",
"status": "affected",
"version": "DIPC-B1213.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1216.5.7.230109",
"status": "affected",
"version": "DIPC-B1216.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1221.3.5.221202",
"status": "affected",
"version": "DIPC-B1221.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1222.3.8.230223",
"status": "affected",
"version": "DIPC-B1222.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1225.3.3.221123",
"status": "affected",
"version": "DIPC-B1225.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1226.3.6.230105",
"status": "affected",
"version": "DIPC-B1226.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1219.2.67.221019",
"status": "affected",
"version": "DIPC-B1219.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1223.3.3.221123",
"status": "affected",
"version": "DIPC-B1223.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1228.2.65.230207",
"status": "affected",
"version": "DIPC-B1228.X.X.XXXXXX",
"versionType": "custom"
},
{
"lessThanOrEqual": "DIPC-B1229.1.67.230104",
"status": "affected",
"version": "DIPC-B1229.X.X.XXXXXX",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering \u0026 Research Team, Karnataka, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eThe vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\u003cbr\u003e"
}
],
"value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T09:33:42.479Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2023-0270"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\"\u003ehttps://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm\u003c/a\u003e"
}
],
"value": " https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm "
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized Access Control Vulnerability in Uniview IP Camera"
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2023-0773",
"datePublished": "2023-09-19T09:33:42.479Z",
"dateReserved": "2023-02-10T11:41:27.681Z",
"dateUpdated": "2024-09-25T14:40:18.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45039 (GCVE-0-2021-45039)
Vulnerability from cvelistv5 – Published: 2023-05-31 00:00 – Updated: 2025-01-10 16:32- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ssd-disclosure.com/ssd-advisory--uniview-preauth-rce/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.uniview.com/About_Us/Security/Notice/202112/920471_140493_0.htm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45039",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T16:31:44.913582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T16:32:47.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ssd-disclosure.com/ssd-advisory--uniview-preauth-rce/"
},
{
"url": "https://www.uniview.com/About_Us/Security/Notice/202112/920471_140493_0.htm"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45039",
"datePublished": "2023-05-31T00:00:00.000Z",
"dateReserved": "2021-12-13T00:00:00.000Z",
"dateUpdated": "2025-01-10T16:32:47.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14923 (GCVE-0-2018-14923)
Vulnerability from cvelistv5 – Published: 2018-08-03 20:00 – Updated: 2024-09-17 02:12- n/a
| URL | Tags |
|---|---|
| http://www.cnvd.org.cn/flaw/show/1325763 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:24.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/1325763",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14923",
"datePublished": "2018-08-03T20:00:00.000Z",
"dateReserved": "2018-08-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:12:04.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}