CVE-2023-0773

Summary

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.

Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

Affected Software

VendorProductVersion RangeStatus
UniviewUniview IP Camera IPC322LB-SF28-ACIPC-B2303.X.X.XXXXXX <= CIPC-B2303.2.8.230105affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1213.X.X.XXXXXX <= DIPC-B1213.6.5.230215affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1216.X.X.XXXXXX <= DIPC-B1216.5.7.230109affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1221.X.X.XXXXXX <= DIPC-B1221.3.5.221202affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1222.X.X.XXXXXX <= DIPC-B1222.3.8.230223affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1225.X.X.XXXXXX <= DIPC-B1225.3.3.221123affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1226.X.X.XXXXXX <= DIPC-B1226.3.6.230105affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1219.X.X.XXXXXX <= DIPC-B1219.2.67.221019affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1223.X.X.XXXXXX <= DIPC-B1223.3.3.221123affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1228.X.X.XXXXXX <= DIPC-B1228.2.65.230207affected
UniviewUniview IP Camera IPC322LB-SF28-ADIPC-B1229.X.X.XXXXXX <= DIPC-B1229.1.67.230104affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References